CVE-2023-22500

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GLPI versions 10.0.0 through 10.0.5

Description The issue allows unauthorized access to inventory files. If anonymous access to FAQ is allowed, inventory files become accessible by unauthenticated users.

Recommendations For GLPI versions 10.0.0 through 10.0.5, update to version 10.0.6 to resolve the issue. As a temporary workaround, consider disabling native inventory and delete inventory files from the server, specifically from the files/ inventory location.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

ALT-PU-2023-1471

ALT-PU-2023-7633

ALT-PU-2024-8030

CVE-2023-22500

GHSA-3GHV-P34R-5GHX

Affected Products

Alt Linux

Glpi

CVE-2023-22500

Weakness Enumeration

Related Identifiers

Affected Products

References · 7