First published: Wed Apr 05 2023
GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
GLPI-PROJECT GLPI | >=0.60 <9.5.13 | |
GLPI-PROJECT GLPI | >=10.0.0 <10.0.7 | |
The vulnerability ID for this GLPI vulnerability is CVE-2023-28636.
The severity of CVE-2023-28636 is medium with a CVSS score of 4.8.
CVE-2023-28636 allows an administrator to create a malicious external link in GLPI versions from 0.60 up to but not including 9.5.13, and from 10.0.0 up to but not including 10.0.7.
To fix CVE-2023-28636 in GLPI, update to version 9.5.13 or 10.0.7 or later.