GLPI vulnerable to unauthorized access to Dashboard data
CVE-2023-35939
8.1HIGH
What is CVE-2023-35939?
An improper rights check in GLPI versions 9.5.0 through 10.0.7 can allow unauthorized users to view, modify, or interact with Dashboard data. Specifically, this vulnerability raises concerns regarding authenticated and unauthenticated access to certain functionality, possibly exposing sensitive information to malicious actors. Version 10.0.8 addresses this issue with a security patch.
Affected Version(s)
glpi >= 9.5.0, < 10.0.8