GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
History

Thu, 12 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Description GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.
Title GLPI vulnerable to account takeover via the password reset feature
Weaknesses CWE-287
References
Metrics cvssV4_0

{'score': 7.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-11T17:00:49.124Z

Updated: 2024-12-12T15:15:33.980Z

Reserved: 2024-09-30T21:28:53.231Z

Link: CVE-2024-47761

cve-icon Vulnrichment

Updated: 2024-12-12T15:15:29.991Z

cve-icon NVD

Status : Received

Published: 2024-12-11T17:15:16.753

Modified: 2024-12-11T17:15:16.753

Link: CVE-2024-47761

cve-icon Redhat

No data.