CVE Vulnerabilities

CVE-2024-47761

Improper Authentication

Published: Dec 11, 2024 | Modified: Jan 23, 2025
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Glpi Glpi-project 0.80 (including) 10.0.17 (excluding)

Potential Mitigations

References