Am0O0

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 9.5.6 **Description** The issue allows a malicious actor to bypass Cross-Site Request Forgery (CSRF) protection in many places, enabling them to perform various actions on GLPI. This can be exploited by a user who is logged in to GLPI. **Recommendations** For versions prior to 9.5.6, upgrade to version 9.5.6 to resolve the issue. At the moment, there is no information about other workarounds aside from upgrading.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 9.5.6 **Description** The issue affects the autologin cookie used when the "remember me" feature is enabled, making it accessible to scripts. A malicious plugin could exploit this to steal the cookie and use it for autologin. **Recommendations** For versions prior to 9.5.6, update to version 9.5.6 to resolve the issue. As a temporary workaround, consider avoiding the use of the "remember me" feature until the update is applied.