GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.
References
Configurations
No configuration.
History
21 Nov 2024, 09:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/glpi-project/glpi/commit/3b6bc1b4aa1f3693b20ada3425d2de5108522484 - | |
References | () https://github.com/glpi-project/glpi/releases/tag/10.0.13 - | |
References | () https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w - | |
Summary |
|
18 Mar 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-18 17:15
Updated : 2024-11-21 09:03
NVD link : CVE-2024-27098
Mitre link : CVE-2024-27098
CVE.ORG link : CVE-2024-27098
JSON object : View
Products Affected
No product.
CWE
CWE-918
Server-Side Request Forgery (SSRF)