CVE-2023-35939

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions GLPI versions 9.5.0 through 10.0.7

Description The issue is related to inadequate access control in the GLPI system, which can be exploited by a remote attacker to modify or view dashboard data. This is due to an incorrect rights check on a file accessible by an authenticated user, or in some cases, without authentication.

Recommendations For GLPI versions 9.5.0 through 10.0.7, update to version 10.0.8 to resolve the issue. As a temporary workaround, consider restricting access to the affected file to minimize the risk of exploitation.

Exploit

Fix

Incorrect Authorization

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-284

Related Identifiers

ALT-PU-2023-4552

ALT-PU-2023-7633

ALT-PU-2024-8030

BDU:2023-04090

CVE-2023-35939

GHSA-CJCX-PWCX-V34C

Affected Products

Alt Linux

Glpi

Red Os

CVE-2023-35939

Weakness Enumeration

Related Identifiers

Affected Products

References · 14