Open Redirect Vulnerability in GLPI by GLPI Project
CVE-2024-11955

5.3MEDIUM

Key Information:

Vendor
GLPI Project
Status
Glpi
Vendor
CVE Published:
25 February 2025

Summary

A vulnerability exists in GLPI versions up to 10.0.17, specifically within the /index.php file. This issue stems from improper handling of the 'redirect' argument, allowing an attacker to execute a remote open redirect. Publicly disclosed exploits could be utilized, highlighting the urgency for users to upgrade to GLPI version 10.0.18 or later to mitigate this security risk.

Affected Version(s)

GLPI 10.0.0

GLPI 10.0.1

GLPI 10.0.2

References

https://vuldb.com/?id.296809
vdb-entrytechnical-description
https://vuldb.com/?ctiid.296809
signaturepermissions-required
https://vuldb.com/?submit.451775
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.