PT-2023-3797 · Glpi+2 · Glpi+2

Flegastelois

Publicado

2023-05-07

Atualizado

2024-08-22

CVE-2023-35940

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions GLPI versions 9.5.0 through 10.0.7

Description The issue is related to an incorrect rights check on a file in GLPI, a free asset and IT management software package. This allows an unauthenticated user to access dashboards data. The problem is associated with deficiencies in the authentication procedure, which can be exploited by a remote attacker to disclose protected information.

Recommendations For versions 9.5.0 through 10.0.7, update to version 10.0.8, which contains a patch for this issue.

Exploit

Correção

Missing Authorization

Improper Access Control

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-284CWE-287

Identificadores relacionados

ALT-PU-2023-4552

ALT-PU-2023-7633

ALT-PU-2024-8030

BDU:2023-04089

CVE-2023-35940

GHSA-QRH8-RG45-45FW

Produtos afetados

Alt Linux

Glpi

Red Os

PT-2023-3797 · Glpi+2 · Glpi+2

CVE-2023-35940

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13