PT-2023-6824 · Glpi+2

Jbms-Syn · Published 2023-09-26 · Updated 2024-05-22 · CVE-2023-41322

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.10

Description: The issue is related to inadequate access control in the GLPI system, which provides ITIL Service Desk features, license tracking, and software auditing. A user with write access to another user's account can make requests to change that user's password and then take control of the account. This can allow a remote attacker to gain unauthorized access to another user's account.

Recommendations: For versions prior to 10.0.10, upgrade to version 10.0.10 to resolve the issue. As a temporary workaround, consider restricting write access to user accounts to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Improper Access Control
Improper Privilege Management

Related identifiers

ALT-PU-2023-6186
ALT-PU-2023-7633
ALT-PU-2024-8030
BDU:2023-07698
CVE-2023-41322
GHSA-9J8M-7563-8XVR

Affected products

Alt Linux
Glpi
Red Os