CVE-2023-41326

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with stealing its account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

History

29 Sep 2023, 18:10

Type Values Removed Values Added
CWE CWE-269 NVD-CWE-noinfo
References (MISC) https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9 - (MISC) https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9 - Vendor Advisory
First Time Glpi-project
Glpi-project glpi
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

27 Sep 2023, 15:19

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2024-02-28 20:33


NVD link : CVE-2023-41326

Mitre link : CVE-2023-41326

CVE.ORG link : CVE-2023-41326


JSON object : View

Products Affected

glpi-project

  • glpi
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management