First published: Tue Sep 26 2023(Updated: )
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page that can be used to attempt a phishing attack on user credentials. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
GLPI-PROJECT GLPI | >=10.0.8<10.0.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
GLPI stands for Gestionnaire Libre de Parc Informatique, which is a Free Asset and IT Management Software package.
GLPI provides ITIL Service Desk features, licenses tracking, and software auditing.
The vulnerability in GLPI is the lack of path filtering on the GLPI URL.
The vulnerability in GLPI allows an attacker to transmit a malicious URL of the login page.
The severity of the vulnerability in GLPI is medium, with a CVSS score of 5.3.
To fix the vulnerability in GLPI, apply the necessary patches and updates provided by the GLPI project.
You can find more information about the vulnerability in GLPI in the GLPI project's security advisory.
The Common Weakness Enumeration (CWE) ID for the vulnerability in GLPI is CWE-22.