CVE-2020-11034

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 9.4.6

Description The issue allows bypassing the open redirect protection based on a regexp. This enables potential redirection to unintended locations, potentially leading to phishing or other malicious activities. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions prior to 9.4.6, update to version 9.4.6 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that may be affected by the open redirect protection bypass until the update is applied.