CVE-2023-23610
Published Jan 26, 2023
Last updated 2 years ago
Overview
- Description
- GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4FD5B9D-8A8D-470C-9E6B-67DC8EAB2622",
"versionEndExcluding": "9.5.12",
"versionStartIncluding": "0.65"
},
{
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B025E2D5-B467-460F-A5B0-053D46B581E6",
"versionEndExcluding": "10.0.6",
"versionStartIncluding": "10.0.0"
}
],
"operator": "OR"
}
]
}
]