What is the severity of CVE-2024-47758?

CVE-2024-47758 is classified as a medium severity vulnerability.

How do I fix CVE-2024-47758?

To fix CVE-2024-47758, update GLPI to version 10.0.17 or later.

Who is affected by CVE-2024-47758?

CVE-2024-47758 affects authenticated users of GLPI versions 9.3.0 through 10.0.16.

What kind of attack is possible with CVE-2024-47758?

An attacker can use the API to take control of any user with the same or lower privilege levels.

Is CVE-2024-47758 fixed in previous versions prior to 10.0.17?

No, CVE-2024-47758 is not fixed in any version prior to 10.0.17.

Vulnerability/
CVE-2024-47758

high

8.8

CWE

284

11/12/2024

6/2/2025

CVE-2024-47758: GLPI vulnerable to account takeover without privilege escalation through the API

First published: Wed Dec 11 2024(Updated: )

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Teclib GLPI	>=9.3.0<10.0.17
GLPI	>9.3.0<=10.0.16

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-47758?
CVE-2024-47758 is classified as a medium severity vulnerability.
How do I fix CVE-2024-47758?
To fix CVE-2024-47758, update GLPI to version 10.0.17 or later.
Who is affected by CVE-2024-47758?
CVE-2024-47758 affects authenticated users of GLPI versions 9.3.0 through 10.0.16.
What kind of attack is possible with CVE-2024-47758?
An attacker can use the API to take control of any user with the same or lower privilege levels.
Is CVE-2024-47758 fixed in previous versions prior to 10.0.17?
No, CVE-2024-47758 is not fixed in any version prior to 10.0.17.

agent/title
agent/references
agent/type
agent/first-publish-date
agent/weakness
agent/author
collector/mitre-cve
source/MITRE
agent/description
agent/source
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/tags
agent/event
agent/guess-ai
agent/software-canonical-lookup-request
vendor/glpi-project
canonical/teclib glpi
version/teclib glpi/9.3.0
vendor/glpi
canonical/glpi

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2024-47758?
CVE-2024-47758 is classified as a medium severity vulnerability.
How do I fix CVE-2024-47758?
To fix CVE-2024-47758, update GLPI to version 10.0.17 or later.
Who is affected by CVE-2024-47758?
CVE-2024-47758 affects authenticated users of GLPI versions 9.3.0 through 10.0.16.
What kind of attack is possible with CVE-2024-47758?
An attacker can use the API to take control of any user with the same or lower privilege levels.
Is CVE-2024-47758 fixed in previous versions prior to 10.0.17?
No, CVE-2024-47758 is not fixed in any version prior to 10.0.17.