Lucene search
PRIOn knowledge basePRION:CVE-2020-11035HistoryMay 05, 2020 - 10:15 p.m.
Cross site request forgery (csrf)
2020-05-0522:15:00
PRIOn knowledge base
www.prio-n.com
3
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.
References
github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/
Related
osv
osv
CVE-2020-11035
2020-05-05 22:15:12
ubuntucve
ubuntucve
CVE-2020-11035
2020-05-05 00:00:00
nvd
nvd
CVE-2020-11035
2020-05-05 22:15:12
cvelist
cvelist
CVE-2020-11035 weak CSRF tokens in GLPI
2020-05-05 21:30:12
freebsd
freebsd
glpi -- weak csrf tokens
2020-03-30 00:00:00
nessus
nessus
FreeBSD : glpi -- weak csrf tokens (b64edef7-3b10-11eb-af2a-080027dbe4b7)
2020-12-14 00:00:00
Fedora 31 : glpi (2020-885e2343ed)
2020-05-14 00:00:00
cve
cve
CVE-2020-11035
2020-05-05 22:15:12
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0220)
2022-01-28 00:00:00
Fedora: Security Advisory for glpi (FEDORA-2020-ee30e1109f)
2020-05-15 00:00:00
Fedora: Security Advisory for glpi (FEDORA-2020-885e2343ed)
2020-05-15 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: glpi-9.4.6-1.fc32
2020-05-14 02:37:02
[SECURITY] Fedora 31 Update: glpi-9.4.6-1.fc31
2020-05-14 02:29:57
mageia
mageia
Updated glpi packages fix security vulnerabilities
2020-05-24 21:04:47