PT-2023-6845 · Glpi+2 · Glpi+2
Annfalotaibi
·
Published
2023-09-26
·
Updated
2024-05-22
·
CVE-2023-41326
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GLPI versions prior to 10.0.10
Description
The issue is related to the insecure management of privileges in the Kanban feature of the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to any user's account. This can allow the attacker to hijack the Kanban feature, alter any user field, and potentially steal user accounts.
Recommendations
For versions prior to 10.0.10, upgrade to version 10.0.10 to resolve the issue. As a temporary workaround, consider restricting access to the Kanban feature until the upgrade is applied.
Exploit
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Glpi
Red Os