CVE-2023-23610
First published: Thu Jan 26 2023(Updated: )
GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Teclib GLPI | >=0.65<9.5.12 | |
| Teclib GLPI | >=10.0.0<10.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-23610?
CVE-2023-23610 is a vulnerability in GLPI versions prior to 9.5.12 and 10.0.6 that allows any user to export data of almost any GLPI item type, even those on which the user is not allowed to access.
How severe is CVE-2023-23610?
CVE-2023-23610 has a severity rating of 6.5, which is considered medium.
How can I fix CVE-2023-23610?
To fix CVE-2023-23610, users should update their GLPI software to version 9.5.12 or 10.0.6.
What is Improper Privilege Management?
Improper Privilege Management is a vulnerability that allows users to have more privileges than intended, potentially leading to unauthorized access and data leakage.
Where can I find more information about CVE-2023-23610?
More information about CVE-2023-23610 can be found at this link: https://github.com/glpi-project/glpi/security/advisories/GHSA-6565-hm87-24hf.
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/references
- agent/weakness
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/glpi-project
- canonical/teclib glpi
- version/teclib glpi/0.65
- version/teclib glpi/10.0.0