GLPI LDAP Injection during authentication
CVE-2023-51446

5.9MEDIUM

Key Information:

Vendor: Glpi-project
Status: Glpi
Vendor: CVE Published:; 1 February 2024

Summary

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.

Affected Version(s)

glpi >= 0.70, < 10.0.12

References

https://github.com/glpi-project/glpi/security/advisories/...

x_refsource_CONFIRM

https://github.com/glpi-project/glpi/commit/58c67d78f2e3a...

x_refsource_MISC

https://github.com/glpi-project/glpi/releases/tag/10.0.12

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2024
Vulnerability Reserved
Dec 19, 2023