Unrated severityNVD Advisory· Published Jun 28, 2022· Updated Apr 23, 2025

Sensitive Data Exposure on Refused Inventory Files in GLPI

CVE-2022-31068

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade.

Affected products

Glpi Project/Glpiv5
Range: >=10.0.0, < 10.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/commit/9953a644777e4167b06db9e14fc93b945a557be5mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-g4hm-6vfr-q3wgmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000