CVE-2023-41322

CVSS V2 None CVSS V3 None

Description

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known work around for this vulnerability.

Overview

CVE ID
CVE-2023-41322

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-09-26T22:34:06.088Z

Last Modified Date
2023-09-26T22:34:06.088Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html
CWE-269	http://cwe.mitre.org/data/definitions/269.html

References

Reference URL	Reference Tags
https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr	x_refsource_CONFIRM

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-41322
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41322

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 03:32:39				Added to TrackCVE