CVE-2022-39375
Published on: Not Yet Published
Last Modified on: 11/03/2022 07:04:00 PM UTC
Certain versions of Glpi from Glpi-project contain the following vulnerability:
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users. This issue has been patched, please upgrade to version 10.0.4. There are currently no known workarounds.
- CVE-2022-39375 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: glpi-project - glpi version >= 0.84, < 10.0.4
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
XSS through public RSS feed · Advisory · glpi-project/glpi · GitHub | github.com text/html | CONFIRM github.com/glpi-project/glpi/security/advisories/GHSA-fxcx-93fq-8r9g |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Glpi-project | Glpi | All | All | All | All |
- cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2022-39375 : GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management So… twitter.com/i/web/status/1… | 2022-11-03 15:38:48 |
@LinInfoSec | Glpi - CVE-2022-39375: github.com/glpi-project/g… | 2022-11-03 19:01:41 |
/r/netcve | CVE-2022-39375 | 2022-11-03 16:39:16 |