- Description
- GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that has the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 7.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-284
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
Did you know? #GLPI 10.0.17 is out! 🚀 This release fixes critical security issues, including: 🔒 Unauthenticated session hijacking (CVE-2024-50339) 🔒 SQL injection & account takeovers (CVE-2024-40638, CVE-2024-47758) 🔒 Multiple XSS vulnerabilities Update now! #Cybersecurit
@Hawatel_company
19 Dec 2024
CVE-2024-47758 GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control… https://t.co/2xbNAe0lPE
@CVEnew
15 Dec 2024
CVE-2024-47758 Privilege Escalation via API Control in GLPI Versions Below 10.0.17 GLPI is a free tool for managing assets and IT stuff. In versions from 9.3.0 to just before 10.0.17, if you were logged in, you c... https://t.co/91A4cksJJq
@VulmonFeeds
11 Dec 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D584AAC4-8709-4A9D-9F49-27BD023743DC",
            "versionEndExcluding": "10.0.17",
            "versionStartIncluding": "9.3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]