CVE-2023-34107

CVSS V2 None CVSS V3 None

Description

GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a on a file accessible by an authenticated user, allows access to the view all KnowbaseItems. Version 10.0.8 has a patch for this issue.

Overview

CVE ID
CVE-2023-34107

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-07-05T19:15:31.060Z

Last Modified Date
2023-07-05T19:15:31.060Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html
CWE-863	http://cwe.mitre.org/data/definitions/863.html

References

Reference URL	Reference Tags
https://github.com/glpi-project/glpi/security/advisories/GHSA-966h-xrf5-pmj4	x_refsource_CONFIRM
https://github.com/glpi-project/glpi/releases/tag/10.0.8	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-34107
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34107

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 20:20:15				Added to TrackCVE