- Description: GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.
- Source: security-advisories@github.com
- NVD status: Analyzed
CVSS 4.0
- Type: Secondary
- Base score: 7.2
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 8.1
- Impact score: 5.2
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Severity: HIGH
- security-advisories@github.com: CWE-284
- nvd@nist.gov: NVD-CWE-noinfo
- Hype score: Not currently trending
🚨🚨Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks CVE-2024-50339 (CVSS 9.3): Unauthenticated Session Hijacking CVE-2024-48912 (CVSS 7.2): Insecure Account Deletion CVE-2024-47760 (CVSS 7.5): Account Takeover via API CVE-2024-47761 (CVSS 7.5): Account… https:
@zoomeye_team
16 Dec 2024
CVE-2024-48912 GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoin… https://t.co/ZTYk9I04D5
@CVEnew
15 Dec 2024
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8C93409-21A2-459E-9451-2D915D941D40",
"versionEndExcluding": "10.0.17",
"versionStartIncluding": "10.0.0"
}
],
"operator": "OR"
}
]
}
]