CVE-2024-37147

July 10, 2024, 7:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

GLPI

  • 10.0.16

Source

security-advisories@github.com

Tags

CVE-2024-37147 details

Published : July 10, 2024, 7:15 p.m.
Last Modified : July 10, 2024, 7:15 p.m.

Description

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.

CVSS Score

1 2 3 4.3 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-284 Improper Access Control The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.3

Exploitability Score

2.8

Impact Score

1.4

Base Severity

MEDIUM

References

URL Source
https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh security-advisories@github.com
This website uses the NVD API, but is not approved or certified by it.