PT-2023-18551 · Glpi+1 · Glpi+1

Cedric-Anne

Publicado

2023-01-25

Atualizado

2024-05-22

CVE-2023-22500

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GLPI versions 10.0.0 through 10.0.5

Description The issue allows unauthorized access to inventory files. If anonymous access to FAQ is allowed, inventory files become accessible by unauthenticated users.

Recommendations For GLPI versions 10.0.0 through 10.0.5, update to version 10.0.6 to resolve the issue. As a temporary workaround, consider disabling native inventory and delete inventory files from the server, specifically from the files/ inventory location.

Exploit

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

ALT-PU-2023-1471

ALT-PU-2023-7633

ALT-PU-2024-8030

CVE-2023-22500

GHSA-3GHV-P34R-5GHX

Produtos afetados

Alt Linux

Glpi

PT-2023-18551 · Glpi+1 · Glpi+1

CVE-2023-22500

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7