Unrated severityNVD Advisory· Published Dec 11, 2024· Updated Dec 11, 2024
GLPI vulnerable to account takeover via API
CVE-2024-47760
Description
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=9.1.0, <10.0.17+ 1 more
- (no CPE)range: >=9.1.0, <10.0.17
- (no CPE)range: >= 9.1.0, < 10.0.17
Patches
Vulnerability mechanics
References
2- github.com/glpi-project/glpi/releases/tag/10.0.17mitrex_refsource_MISC
- github.com/glpi-project/glpi/security/advisories/GHSA-r3mx-fr5f-gwgpmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.