Open Redirect Vulnerability in GLPI by GLPI Project
CVE-2024-11955

5.3 MEDIUM

Key Information:

CVE Published: 25 February 2025

What is CVE-2024-11955?

GLPI versions up to 10.0.17 contain a vulnerability in the /index.php file. The 'redirect' argument is handled improperly, which allows a remote attacker to trigger an open redirect. The exploit has been publicly disclosed and may be used, so users should upgrade to GLPI version 10.0.18 or later to mitigate this risk.

Affected Version(s)

GLPI 10.0.0

GLPI 10.0.1

GLPI 10.0.2

News Articles

VuXML: glpi-project -- GLPI multiple vulnerabilities

CVE-2024-11955: A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The...

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • First article discovered by VuXML

  • Vulnerability published

  • Vulnerability Reserved