GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 11 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. | |
Title | GLPI vulnerable to account takeover via API | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-11T16:56:57.600Z
Updated: 2024-12-11T20:16:34.813Z
Reserved: 2024-09-30T21:28:53.230Z
Link: CVE-2024-47760
Vulnrichment
Updated: 2024-12-11T20:16:30.674Z
NVD
Status : Received
Published: 2024-12-11T17:15:16.620
Modified: 2024-12-11T17:15:16.620
Link: CVE-2024-47760
Redhat
No data.