GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.
History

Wed, 11 Dec 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 11 Dec 2024 18:00:00 +0000

Type Values Removed Values Added
Description GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.

Wed, 11 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Description GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.
Title GLPI vulnerable to authenticated insecure account deletion
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-11T17:03:10.014Z

Updated: 2024-12-11T19:32:49.465Z

Reserved: 2024-10-09T22:06:46.171Z

Link: CVE-2024-48912

cve-icon Vulnrichment

Updated: 2024-12-11T19:32:43.952Z

cve-icon NVD

Status : Received

Published: 2024-12-11T17:15:17.043

Modified: 2024-12-12T02:04:18.923

Link: CVE-2024-48912

cve-icon Redhat

No data.