GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue.
History
Wed, 11 Dec 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Wed, 11 Dec 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue. | |
Title | GLPI vulnerable to unauthenticated session hijacking | |
Weaknesses | CWE-287 CWE-79 | |
References | | |
Metrics | cvssV4_0 |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-11T17:48:42.230Z
Updated: 2024-12-11T18:31:59.719Z
Reserved: 2024-10-22T17:54:40.954Z
Link: CVE-2024-50339
Vulnrichment
Updated: 2024-12-11T18:31:38.303Z
NVD
Status: Received
Published: 2024-12-12T02:06:19.147
Modified: 2024-12-12T02:06:19.147
Link: CVE-2024-50339
Redhat
No data.