CVE-2023-35939

CVSS V2 None CVSS V3 None

Description

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.

Overview

CVE ID
CVE-2023-35939

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-07-05T20:42:52.139Z

Last Modified Date
2023-07-05T20:42:52.139Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html
CWE-863	http://cwe.mitre.org/data/definitions/863.html

References

Reference URL	Reference Tags
https://github.com/glpi-project/glpi/security/advisories/GHSA-cjcx-pwcx-v34c	x_refsource_CONFIRM
https://github.com/glpi-project/glpi/releases/tag/10.0.8	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-35939
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35939

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 19:52:03				Added to TrackCVE