
CVE-2024-47760

Dec. 11, 2024, 5:15 p.m.

Product(s) Impacted

GLPI

  • 9.1.0 and later, before 10.0.17

Description

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

Weaknesses

CWE-284
Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE ID: 284

Date

Published: Dec. 11, 2024, 5:15 p.m.

Last Modified: Dec. 11, 2024, 5:15 p.m.

Status: Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.


Source

security-advisories@github.com

References

https://github.com/ security-advisories@github.com
