GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
References
Configurations
History
21 Nov 2024, 02:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://advisories.mageia.org/MGASA-2015-0017.html - | |
References | () http://www.glpi-project.org/spip.php?page=annonce&id_breve=325 - | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2015:167 - | |
References | () https://forge.indepnet.net/issues/4984 - |
Information
Published : 2015-04-14 18:59
Updated : 2024-11-21 02:11
NVD link : CVE-2014-5032
Mitre link : CVE-2014-5032
CVE.ORG link : CVE-2014-5032
JSON object : View
Products Affected
glpi-project
- glpi
CWE
CWE-264
Permissions, Privileges, and Access Controls