GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.
History

Wed, 11 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Description GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch. GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 11 Dec 2024 16:00:00 +0000

Type Values Removed Values Added
Description GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch.
Title GLPI vulnerable to account takeover without privilege escalation through the API
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-11T15:50:22.285Z

Updated: 2024-12-11T17:10:22.033Z

Reserved: 2024-09-30T21:28:53.230Z

Link: CVE-2024-47758

cve-icon Vulnrichment

Updated: 2024-12-11T17:10:14.276Z

cve-icon NVD

Status : Received

Published: 2024-12-11T16:15:11.947

Modified: 2024-12-11T17:15:16.520

Link: CVE-2024-47758

cve-icon Redhat

No data.