PT-2024-8175 · Glpi+2
Qbiguenet · Published 2024-11-06 · Updated 2025-08-13 · CVE-2024-47758
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
GLPI versions 9.3.0 through 10.0.16
Description:
The issue is related to incorrect access control in the GLPI system, which can be exploited by a remote attacker to gain unauthorized access to an account through the API. An authenticated user can use the API to take control of any user with the same or lower level of privileges.
Recommendations:
For GLPI versions 9.3.0 through 10.0.16, update to version 10.0.17 or later to resolve the issue. As a temporary workaround, consider restricting API access to minimize the risk of exploitation.
Exploit
Fix
Improper Access Control
Affected Products
Alt Linux
Glpi
Red Os