Unrated severity · NVD Advisory · Published May 5, 2020 · Updated Aug 4, 2024

weak CSRF tokens in GLPI

CVE-2020-11035

Description

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand, uniqid and MD5, which do not provide secure values. This is fixed in version 9.4.6.
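The weak pattern the description names, beside a hardened replacement, as an added PHP example (not GLPI's code). The way the three primitives are combined, the function names and the session layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Weak pattern (hypothetical composition of the primitives the advisory names).
// rand() is a non-cryptographic PRNG and uniqid() is derived from the current
// time; MD5 only reformats that input and adds no entropy of its own.
function weak_csrf_token(): string
{
    return md5(uniqid((string) rand(), true));
}

// Hardened form: 32 bytes from the operating system CSPRNG, hex-encoded.
function strong_csrf_token(): string
{
    return bin2hex(random_bytes(32));
}

// Issue a token bound to the session with an expiry time.
// $session stands in for $_SESSION (assumed layout: token => expiry timestamp).
function issue_csrf_token(array &$session, int $ttl = 3600): string
{
    $token = strong_csrf_token();
    $session['csrf'][$token] = time() + $ttl;
    return $token;
}

// Validate a submitted token: constant-time comparison, expiry enforced,
// and the token is consumed so it cannot be replayed.
function check_csrf_token(array &$session, string $submitted): bool
{
    $valid = false;
    foreach ($session['csrf'] ?? [] as $known => $expires) {
        if (hash_equals((string) $known, $submitted) && $expires >= time()) {
            $valid = true;
            unset($session['csrf'][$known]);
        }
    }
    return $valid;
}

// Constructed demo session, not real application state.
$session = [];
$token = issue_csrf_token($session);
var_dump(strlen($token));                          // 64 hex characters
var_dump(check_csrf_token($session, $token));      // accepted once
var_dump(check_csrf_token($session, $token));      // rejected on replay
var_dump(check_csrf_token($session, weak_csrf_token())); // unknown token rejected
```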


Affected products

  • Glpi Project/Glpi (no CPE), range: >0.83.3, <9.4.6
