CVE-2023-35940

CVSS V2 None CVSS V3 None

Description

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue.

Overview

CVE ID
CVE-2023-35940

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-07-05T20:46:04.061Z

Last Modified Date
2023-07-05T20:46:04.061Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html
CWE-287	http://cwe.mitre.org/data/definitions/287.html

References

Reference URL	Reference Tags
https://github.com/glpi-project/glpi/security/advisories/GHSA-qrh8-rg45-45fw	x_refsource_CONFIRM
https://github.com/glpi-project/glpi/releases/tag/10.0.8	x_refsource_MISC

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-35940
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35940

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 20:01:52				Added to TrackCVE