Filtered by vendor Glpi-project
Total: 179 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2023-42802 | 1 Glpi-project | 1 Glpi | 2023-11-09 | N/A | 9.8 CRITICAL | GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP files can then be executed through a web server request. Version 10.0.10 fixes this issue. As a workaround, remove the web server's write access on `/ajax` and `/front` files. |
CVE-2023-22724 | 1 Glpi-project | 1 Glpi | 2023-11-07 | N/A | 4.8 MEDIUM | GLPI is a free asset and IT management software package. Versions prior to 10.0.6 are subject to cross-site scripting via malicious RSS feeds. An administrator can import a malicious RSS feed that contains cross-site scripting (XSS) payloads inside RSS links. Victims who visit the RSS content and click on the link will execute the JavaScript. This issue is patched in 10.0.6. |
CVE-2020-15175 | 1 Glpi-project | 1 Glpi | 2023-11-07 | 6.4 MEDIUM | 9.1 CRITICAL | In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user then becomes able to read all the files and folders contained in “/files/”. The sensitive information compromised includes the user sessions, logs, and more. An attacker would be able to obtain an administrator's session token and use it to authenticate. The issue is patched in version 9.5.2. |
CVE-2020-11034 | 1 Glpi-project | 1 Glpi | 2023-11-07 | 5.8 MEDIUM | 6.1 MEDIUM | In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6. |
CVE-2020-11036 | 1 Glpi-project | 1 Glpi | 2023-11-07 | 3.5 LOW | 5.4 MEDIUM | In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to stored XSS in the comments of items in the Knowledge base; adding a comment with the content `<script>alert(1)</script>` reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: (1) create a user with the surname `" onmouseover="alert(document.cookie)` and an empty first name; (2) with this user, create a ticket; (3) as an administrator (or other privileged user), open the created ticket; (4) on the "last update" field, hover the mouse over the name of the user; (5) the XSS fires. This is fixed in version 9.4.6. |
CVE-2020-11033 | 2 Fedoraproject, Glpi-project | 2 Fedora, Glpi | 2023-11-07 | 6.0 MEDIUM | 7.2 HIGH | In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on the User itemtype has access to the full list of users when querying apirest.php/User. The response contains all api_tokens, which can be used to escalate privileges or read/update/delete data normally not accessible to the current user, and all personal_tokens, which can display another user's planning. Exploiting this vulnerability requires the API to be enabled and a technician account. It can be mitigated by adding an application token. This is fixed in version 9.4.6. |
CVE-2020-11035 | 2 Fedoraproject, Glpi-project | 2 Fedora, Glpi | 2023-11-07 | 6.4 MEDIUM | 9.3 CRITICAL | In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses `rand`, `uniqid` and MD5, which do not provide secure values. This is fixed in version 9.4.6. |
CVE-2022-39181 | 1 Glpi-project | 1 Reports | 2023-10-25 | N/A | 6.1 MEDIUM | GLPI Reports plugin for GLPI: reflected cross-site scripting (RXSS). Type 1: Reflected XSS (or non-persistent). The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser. |
CVE-2021-30144 | 1 Glpi-project | 1 Dashboard | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM | The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. |
CVE-2023-37278 | 1 Glpi-project | 1 Glpi | 2023-07-27 | N/A | 9.1 CRITICAL | GLPI is a free asset and IT management software package that provides data center management, an ITIL Service Desk, license tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9. |
CVE-2023-34106 | 1 Glpi-project | 1 Glpi | 2023-07-11 | N/A | 6.5 MEDIUM | GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch. |
CVE-2023-34107 | 1 Glpi-project | 1 Glpi | 2023-07-11 | N/A | 6.5 MEDIUM | GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, which allows viewing all KnowbaseItems. Version 10.0.8 has a patch for this issue. |
CVE-2023-34244 | 1 Glpi-project | 1 Glpi | 2023-07-11 | N/A | 6.1 MEDIUM | GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that exploits a reflected XSS if any authenticated user opens the crafted link. Users should upgrade to version 10.0.8 to receive a patch. |
CVE-2023-35924 | 1 Glpi-project | 1 Glpi | 2023-07-11 | N/A | 9.8 CRITICAL | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.8, the GLPI inventory endpoint can be used to drive a SQL injection attack. By default, the GLPI inventory endpoint requires no authentication. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. |
CVE-2023-35939 | 1 Glpi-project | 1 Glpi | 2023-07-11 | N/A | 8.1 HIGH | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or an unauthenticated one, for certain actions) allows a threat actor to interact with, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue. |
CVE-2023-35940 | 1 Glpi-project | 1 Glpi | 2023-07-11 | N/A | 7.5 HIGH | GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to access dashboards data. Version 10.0.8 contains a patch for this issue. |
CVE-2023-36808 | 1 Glpi-project | 1 Glpi | 2023-07-10 | N/A | 9.8 CRITICAL | GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, the Computer Virtual Machine form and the GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native inventory. |
CVE-2023-34254 | 1 Glpi-project | 1 Glpi Agent | 2023-07-05 | N/A | 7.2 HIGH | The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running the remoteinventory task against a Unix platform with the ssh command, an administrator user on the remote host can inject a command into a specific workflow the agent would run with the privileges it uses. In case the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for the remoteinventory task. This vulnerability has been patched in glpi-agent 1.5. |
CVE-2022-39370 | 1 Glpi-project | 1 Glpi | 2023-06-27 | N/A | 4.3 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. Connected users may gain access to the debug panel through the GLPI update script. This issue has been patched; please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script. |
CVE-2021-21327 | 1 Glpi-project | 1 Glpi | 2023-06-26 | 5.0 MEDIUM | 7.5 HIGH | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI before version 9.5.4, a non-authenticated user can remotely instantiate an object of any class existing in the GLPI environment, which can be used to carry out malicious attacks or to start a “POP chain”. As an example of direct impact, this vulnerability affects the integrity of the GLPI core platform and of third-party plugins whose runtime misuses classes that implement sensitive operations in their constructors or destructors. This is fixed in version 9.5.4. |