Unrated severityNVD Advisory· Published Apr 21, 2022· Updated Apr 23, 2025

LDAP password exposure in glpi

CVE-2022-24867

Description

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldap_pass is not filtered and when you look at the source code of the rendered page, we can see the password for the root dn. Users are advised to upgrade. There is no known workaround for this issue.

Affected products

Glpi Project/Glpiv5
Range: < 10.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/commit/26f0a20810db11641afdcf671bac7a309acbb94emitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-4r49-52q9-5fgrmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000