GLPI LDAP Injection during authentication
CVE-2023-51446

5.9MEDIUM

Key Information:

Vendor

Glpi-project

Status
Glpi
Vendor
CVE Published:
1 February 2024

What is CVE-2023-51446?

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

glpi >= 0.70, < 10.0.12

References

https://github.com/glpi-project/glpi/security/advisories/...
x_refsource_CONFIRM
https://github.com/glpi-project/glpi/commit/58c67d78f2e3a...
x_refsource_MISC
https://github.com/glpi-project/glpi/releases/tag/10.0.12
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.