VYPR
Unrated severity · NVD Advisory · Published Sep 15, 2021 · Updated Aug 4, 2024

Bypassable CSRF protection

CVE-2021-39209

Description

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.

Affected products

  • Glpi Project/Glpi (2 versions)
    • (no CPE) range: <9.5.6
    • (no CPE) range: < 9.5.6
