#VU71616 Improper access control in GLPI - CVE-2023-23610

 


Published: January 28, 2023


Vulnerability identifier: #VU71616
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-23610
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: GLPI
Software vendor: glpi-project

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A user with access to the standard interface can export data of almost any GLPI item type, even those the user is not allowed to access (including assets, tickets, users, etc.).


Remediation

Install updates from the vendor's website.
