PT-2023-3797 · Glpi+2 · Glpi+2

Flegastelois

Published

2023-05-07

Updated

2024-08-22

CVE-2023-35940

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions GLPI versions 9.5.0 through 10.0.7

Description The issue is related to an incorrect rights check on a file in GLPI, a free asset and IT management software package. This allows an unauthenticated user to access dashboards data. The problem is associated with deficiencies in the authentication procedure, which can be exploited by a remote attacker to disclose protected information.

Recommendations For versions 9.5.0 through 10.0.7, update to version 10.0.8, which contains a patch for this issue.

Exploit

Fix

Missing Authorization

Improper Access Control

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-284CWE-287

Related Identifiers

ALT-PU-2023-4552

ALT-PU-2023-7633

ALT-PU-2024-8030

BDU:2023-04089

CVE-2023-35940

GHSA-QRH8-RG45-45FW

Affected Products

Alt Linux

Glpi

Red Os

PT-2023-3797 · Glpi+2 · Glpi+2

CVE-2023-35940

Weakness Enumeration

Related Identifiers

Affected Products

References · 13