PT-2020-14288 · Teclib+1 · Glpi+1

Moderatetrasher

Published

2020-10-07

Updated

2024-05-22

CVE-2020-15217

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GLPI versions 9.5.0 through 9.5.1

Description The issue concerns a leakage of user information through the public FAQ. It was introduced in version 9.5.0 and patched in 9.5.2.

Recommendations For GLPI versions 9.5.0 through 9.5.1, as a workaround, disable public access to the FAQ. Update to version 9.5.2 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2020-3130

ALT-PU-2020-3162

ALT-PU-2024-8094

CVE-2020-15217

GHSA-X9HG-J29F-WVVV

Affected Products

Alt Linux

Glpi

PT-2020-14288 · Teclib+1 · Glpi+1

CVE-2020-15217

Weakness Enumeration

Related Identifiers

Affected Products

References · 5