PT-2022-7409 · Glpi+2

Trasher · Published 2022-04-21 · Updated 2024-07-26 · CVE-2022-24867

CVSS v2.0

7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

GLPI (affected versions not specified)

Description

The issue is related to an error in the transfer of configuration to JavaScript in the GLPI system: some entries are filtered out, but the ldap pass variable is not. This allows a remote attacker to gain unauthorized access to the root dn password. GLPI is a free asset and IT management software package that provides ITIL Service Desk features, license tracking, and software auditing.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1914
ALT-PU-2022-2614
ALT-PU-2022-2624
ALT-PU-2022-2665
ALT-PU-2023-7633
ALT-PU-2024-8030
ALT-PU-2024-8094
BDU:2024-05821
CVE-2022-24867
GHSA-4R49-52Q9-5FGR

Affected Products

Alt Linux
Glpi
Red Os