CVE-2023-34106

CVSS V2 None CVSS V3 None

Description

GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should upgrade to version 10.0.8 to receive a patch.

Overview

CVE ID
CVE-2023-34106

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-07-05T17:48:32.727Z

Last Modified Date
2023-07-05T17:48:32.727Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html
CWE-863	http://cwe.mitre.org/data/definitions/863.html

References

Reference URL	Reference Tags
https://github.com/glpi-project/glpi/security/advisories/GHSA-923r-hqh4-wj7c	x_refsource_CONFIRM
https://github.com/glpi-project/glpi/releases/tag/10.0.8	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-34106
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34106

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 20:17:02				Added to TrackCVE