In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Glpi | Glpi-project | * | 9.4.6 (excluding) |
Glpi | Ubuntu | esm-apps/xenial | * |
Glpi | Ubuntu | trusty | * |
Glpi | Ubuntu | xenial | * |