GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.
References
Configurations
No configuration.
History
21 Nov 2024, 09:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://borelenzo.github.io/stuff/2024/02/29/glpi-pwned.html - | |
References | () https://github.com/glpi-project/glpi/commit/d02c537d23cbb729fe18b87f71b3c6e84e9892da - | |
References | () https://github.com/glpi-project/glpi/releases/tag/10.0.13 - | |
References | () https://github.com/glpi-project/glpi/security/advisories/GHSA-98qw-hpg3-2hpj - |
24 Apr 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
18 Mar 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-18 16:15
Updated : 2024-11-21 09:05
NVD link : CVE-2024-27937
Mitre link : CVE-2024-27937
CVE.ORG link : CVE-2024-27937
JSON object : View
Products Affected
No product.
CWE
CWE-285
Improper Authorization