First published: Thu Nov 03 2022(Updated: )
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched, please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
GLPI-PROJECT GLPI | >=0.70<10.0.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-39370 is a vulnerability in GLPI, an IT management software package, which allows connected users to gain access to the debug panel through the GLPI update script.
GLPI stands for Gestionnaire Libre de Parc Informatique. It is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking, and software auditing.
Connected users can exploit CVE-2022-39370 by gaining access to the debug panel through the GLPI update script.
The severity of CVE-2022-39370 is medium, with a severity score of 4.3.
To fix CVE-2022-39370, install the patch provided by GLPI-PROJECT to address the vulnerability.