GLPI Vulnerability Allows Take Over of User Accounts
CVE-2024-47758
8.8HIGH
What is CVE-2024-47758?
GLPI, a popular free asset and IT management software, contains a vulnerability that allows authenticated users to exploit the API. Specifically, users with the same or lower privilege levels can assume control over each other's accounts, leading to potential unauthorized access and manipulation of sensitive data. This security issue affects versions from 9.3.0 up to and including 10.0.16. Fortunately, version 10.0.17 provides a patch addressing this critical flaw, ensuring enhanced protection against such vulnerabilities.
Affected Version(s)
glpi >= 9.3.0, < 10.0.17