Jbms-Syn

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.10 **Description** The issue is related to information disclosure in the GLPI system. Exploitation of this issue may allow a remote attacker to disclose protected information. An API user can enumerate sensitive fields values on resources on which he has read access. **Recommendations** For versions prior to 10.0.10, upgrade to version 10.0.10 to resolve the issue. As a temporary workaround, consider restricting access to sensitive fields and resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.10 **Description** The issue is related to inadequate access control in the GLPI system, which provides ITIL Service Desk features, licenses tracking, and software auditing. A user with write access to another user's account can make requests to change the latter's password and then take control of their account. This can allow a remote attacker to gain unauthorized access to another user's account. **Recommendations** For versions prior to 10.0.10, upgrade to version 10.0.10 to resolve the issue. As a temporary workaround, consider restricting write access to user accounts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.10 **Description** The issue is related to information disclosure in the GLPI system, which can be exploited by a remote attacker to reveal protected information, including user logins. **Recommendations** For versions prior to 10.0.10, upgrade to version 10.0.10 to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** GLPI versions prior to 10.0.10 **Description** The issue is related to insecure privilege management in GLPI, a free asset and IT management software package. An API user with read access to user resources can steal accounts of other users. The vulnerability can be exploited remotely, allowing an attacker to gain unauthorized access to arbitrary user accounts. **Recommendations** For versions prior to 10.0.10, upgrade to version 10.0.10 to resolve the issue. As a temporary workaround, consider restricting API access to user resources to minimize the risk of exploitation. There are no known workarounds for this vulnerability.