Unrated severity · NVD Advisory · Published May 5, 2020 · Updated Aug 4, 2024
weak CSRF tokens in GLPI
CVE-2020-11035
Description
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand, uniqid and MD5, which do not provide secure values. This is fixed in version 9.4.6.
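The weakness described above, next to a hardened alternative. This is an added example, not GLPI's own code: the function names are hypothetical, and the way the weak generator combines rand, uniqid and MD5 is an assumption, since the advisory names the primitives but not the exact call.

```php
<?php
declare(strict_types=1);

// Weak pattern (constructed for illustration). rand() is a non-cryptographic
// PRNG, uniqid() is built from the current time (plus, with more_entropy, a
// non-cryptographic LCG value), and MD5 only reshapes those inputs: hashing
// adds no entropy to a guessable seed.
function weak_csrf_token(): string
{
    return md5(uniqid((string) rand(), true));
}

// Hardened form: 32 bytes from the operating system CSPRNG, hex-encoded.
function strong_csrf_token(): string
{
    return bin2hex(random_bytes(32));
}

// Issue a token and record its expiry. $store is a plain array here
// (assumption); an application would keep it in the server-side session.
function issue_token(array &$store, int $ttl = 3600): string
{
    $token = strong_csrf_token();
    $store[$token] = time() + $ttl;
    return $token;
}

// Validate a submitted token: constant-time comparison, single use, expiry.
function validate_token(array &$store, string $submitted): bool
{
    foreach ($store as $known => $expires) {
        if (hash_equals((string) $known, $submitted)) {
            unset($store[$known]);      // a token is accepted only once
            return $expires >= time();  // and only before it expires
        }
    }
    return false;
}

// Constructed usage: issue one token, then check accept / replay / unknown.
$store = [];
$token = issue_token($store);
var_dump(strlen($token));
var_dump(validate_token($store, $token));
var_dump(validate_token($store, $token));
var_dump(validate_token($store, weak_csrf_token()));
```

When auditing a codebase for the same class of bug, look for token or nonce generators built on `rand`, `mt_rand`, `uniqid` or a bare hash of the time, and replace them with `random_bytes` or `random_int`.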
Affected products
- (no CPE) range: >0.83.3, <9.4.6
- (no CPE) range: > 0.83.3, < 9.4.6
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/ (mitre, vendor-advisory, x_refsource_FEDORA)
- github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf (mitre, x_refsource_CONFIRM)