Arbitrary Object Instantiation Vulnerability Patched in GLPI v10.0.13
CVE-2024-27098
9.6CRITICAL
What is CVE-2024-27098?
GLPI, widely used for asset and IT management, is vulnerable to an SSRF attack facilitated by Arbitrary Object Instantiation. This weakness allows authenticated users to inadvertently access internal resources, potentially leading to unauthorized information disclosure. To mitigate this issue, users are urged to upgrade to GLPI version 10.0.13, which includes essential patches addressing the vulnerability. For further details, the GLPI project provides specific advisories and commit information on their GitHub repository.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
glpi >= 9.5.0, < 10.0.13
References
CVSS V3.1
Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved