VYPR
Unrated severityNVD Advisory· Published Sep 15, 2021· Updated Aug 4, 2024

Autologin cookie accessible by scripts

CVE-2021-39210

Description

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Glpi Project/Glpillm-fuzzy2 versions
    <9.5.6+ 1 more
    • (no CPE)range: <9.5.6
    • (no CPE)range: < 9.5.6

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.