GLPI vulnerable to unauthenticated access to Dashboard data
CVE-2023-35940

7.5HIGH

Key Information:

Vendor: Glpi-project
Status: Glpi
Vendor: CVE Published:; 5 July 2023

Summary

The GLPI Asset Management Software, a free and open-source tool, has a vulnerability that allows unauthorized access to sensitive dashboards data due to an improper rights check. This security flaw affects versions from 9.5.0 up to and including 10.0.7. Users are encouraged to update to version 10.0.8, which addresses this issue with a significant patch. It’s crucial for organizations using this software to apply the latest updates to safeguard their information.

Affected Version(s)

glpi >= 9.5.0, < 10.0.8

References

https://github.com/glpi-project/glpi/security/advisories/...

x_refsource_CONFIRM

https://github.com/glpi-project/glpi/releases/tag/10.0.8

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 5, 2023
Vulnerability Reserved
Jun 20, 2023