Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-39370: Improper access to debug panel

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the install/update.php script.

CVE
#php

Moderate

trasher published GHSA-6c2p-wgx9-vrjc

Nov 3, 2022

Package

glpi (glpi)

Affected versions

>= 0.70

Patched versions

10.0.4

Description

Impact

Connected user may gain access to debug panel through the GLPI update script.

Patches

Upgrade to 10.0.4.

Workarounds

Delete the install/update.php script.

For more information

If you have any questions or comments about this advisory, mail us at [email protected].

Severity

Moderate

4.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE ID

CVE-2022-39370

Weaknesses

CWE-284

Credits

  • zenmpi

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda