Unrated severityNVD Advisory· Published Dec 11, 2024· Updated Dec 12, 2024

GLPI vulnerable to account takeover via the password reset feature

CVE-2024-47761

Description

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

Affected products

Glpi Project/Glpiv5
Range: >= 0.80, < 10.0.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/releases/tag/10.0.17mitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-x794-564w-vgxxmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000