First published: Wed Apr 05 2023(Updated: )
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
GLPI-PROJECT GLPI | >=9.5.0<9.5.13 | |
GLPI-PROJECT GLPI | >=10.0.0<10.0.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-28852 is a vulnerability in GLPI software versions 9.5.0 to 9.5.13 and 10.0.0 to 10.0.7 that allows a user with dashboard administration rights to store and execute malicious code on the dashboard.
CVE-2023-28852 has a severity rating of 4.8, which is considered medium.
GLPI versions 9.5.0 to 9.5.13 and 10.0.0 to 10.0.7 are affected by CVE-2023-28852.
To fix CVE-2023-28852, upgrade GLPI to version 9.5.13 or 10.0.7 or later.
You can find more information about CVE-2023-28852 on the GLPI GitHub page and the associated security advisories.