GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.
Metrics
Affected Vendors & Products
References
History
Wed, 11 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 11 Dec 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. |
Wed, 11 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. | |
Title | GLPI vulnerable to authenticated insecure account deletion | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-11T17:03:10.014Z
Updated: 2024-12-11T19:32:49.465Z
Reserved: 2024-10-09T22:06:46.171Z
Link: CVE-2024-48912
Vulnrichment
Updated: 2024-12-11T19:32:43.952Z
NVD
Status : Received
Published: 2024-12-11T17:15:17.043
Modified: 2024-12-12T02:04:18.923
Link: CVE-2024-48912
Redhat
No data.