Security Flaw in Addressing GLPI Plugin Allows Data Disclosure
CVE-2024-53850

8.2HIGH

Key Information:

Vendor: Pluginsglpi
Status: Addressing
Vendor: CVE Published:; 26 December 2024

🔔 Create Pluginsglpi Vulnerability Alert

What is CVE-2024-53850?

The Addressing GLPI plugin, which provides visualization and reporting features for IP addresses within a network, contains a vulnerability in versions 3.0.0 through 3.0.3. This flaw arises from inadequate security checks that permit an unauthenticated attacker to ascertain the existence of data by its name within the GLPI environment. Such unauthorized access can lead to potential exposure of sensitive information, significantly increasing the risk of future attacks or data breaches. It is crucial for users of the affected plugin versions to implement recommended security measures and update to a patched version to safeguard their systems.

Affected Version(s)

addressing >= 3.0.0 < 3.0.3

References

https://github.com/pluginsGLPI/addressing/security/adviso...

x_refsource_CONFIRM

https://github.com/pluginsGLPI/addressing/commit/b334187a...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2024
Vulnerability Reserved
Nov 22, 2024

JSON