Published on: Not Yet Published
Last Modified on: 02/02/2023 06:33:00 PM UTC
CVE-2023-23610 - advisory for GHSA-6565-hm87-24hfSource: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Glpi from Glpi-project contain the following vulnerability:
GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.
- CVE-2023-23610 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: glpi-project - glpi version = >= 0.65, < 9.5.12
- Affected Vendor/Software: glpi-project - glpi version = >= 10.0.0, < 10.0.6
CVSS3 Score: 6.5 - MEDIUM
|Unauthorized access to data export · Advisory · glpi-project/glpi · GitHub|| github.com |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
No vendor comments have been submitted for this CVE
|@CVEreport||CVE-2023-23610 : GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are v… twitter.com/i/web/status/1…||2023-01-26 22:04:13|