Unrated severityNVD Advisory· Published Mar 18, 2024· Updated Aug 2, 2024

Sensitive fields access through dropdowns in GLPI

CVE-2024-27930

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.

Affected products

Glpi Project/Glpiv5
Range: >= 0.78, < 10.0.13

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

borelenzo.github.io/stuff/2024/02/29/glpi-pwned.htmlmitrex_refsource_MISC
github.com/glpi-project/glpi/commit/1942b70b2422fff51822f6eb3af500c94760871emitrex_refsource_MISC
github.com/glpi-project/glpi/releases/tag/10.0.13mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-82vv-j9pr-qmwqmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000