- Description
- GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 7.5
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-287
🚨🚨Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks CVE-2024-50339 (CVSS 9.3): Unauthenticated Session Hijacking CVE-2024-48912 (CVSS 7.2): Insecure Account Deletion CVE-2024-47760 (CVSS 7.5): Account Takeover via API CVE-2024-47761 (CVSS 7.5): Account… https:
@zoomeye_team
16 Dec 2024
CVE-2024-47761 GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications… https://t.co/gx9QYWXabj
@CVEnew
15 Dec 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32ABC28B-4FBB-4935-84A6-099E9F11B796",
            "versionEndExcluding": "10.0.17",
            "versionStartIncluding": "0.80"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]