GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch. | GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue. |
Metrics |
ssvc
|
Wed, 11 Dec 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch. | |
Title | GLPI vulnerable to account takeover without privilege escalation through the API | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-11T15:50:22.285Z
Updated: 2024-12-11T17:10:22.033Z
Reserved: 2024-09-30T21:28:53.230Z
Link: CVE-2024-47758
Vulnrichment
Updated: 2024-12-11T17:10:14.276Z
NVD
Status : Received
Published: 2024-12-11T16:15:11.947
Modified: 2024-12-11T17:15:16.520
Link: CVE-2024-47758
Redhat
No data.