CVE-2023-42462: File deletion through document upload process in GLPI
First published: Tue Sep 26 2023(Updated: )
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GLPI-PROJECT GLPI | >=10.0.0<10.0.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is GLPI?
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package.
What are the features provided by GLPI?
GLPI provides ITIL Service Desk features, licenses tracking, and software auditing.
How can the document upload process in GLPI be diverted?
The document upload process in GLPI can be diverted to delete some files.
What is the recommended action to address CVE-2023-42462?
Users are advised to upgrade to version 10 of GLPI.
What is the severity of CVE-2023-42462?
The severity of CVE-2023-42462 is critical with a CVSS score of 9.1.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-42462?
The Common Weakness Enumeration (CWE) ID for CVE-2023-42462 is CWE-434 and CWE-22.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/glpi-project
- canonical/glpi-project glpi
- version/glpi-project glpi/10.0.0