CVE-2023-41321

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-41321

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41321.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-41321

Related

GHSA-3fxw-j5rj-w836
UBUNTU-CVE-2023-41321

Published

2023-09-27T15:19:29Z

Modified

2024-11-21T08:21:04Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi
Events: Introduced

80328baf38e2d6fe6cf269b43ed0edc80c64d89d

Fixed

0c860f018f5bd0f08b87d217a376304e62a5ba58