Headline
CVE-2022-39370: Improper access to debug panel
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the install/update.php
script.
Moderate
trasher published GHSA-6c2p-wgx9-vrjc
Nov 3, 2022
Package
glpi (glpi)
Affected versions
>= 0.70
Patched versions
10.0.4
Description
Impact
Connected user may gain access to debug panel through the GLPI update script.
Patches
Upgrade to 10.0.4.
Workarounds
Delete the install/update.php script.
For more information
If you have any questions or comments about this advisory, mail us at [email protected].
Severity
Moderate
4.3
/ 10
CVSS base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE ID
CVE-2022-39370
Weaknesses
CWE-284
Credits
- zenmpi