#VU74593 Improper Privilege Management in GLPI
Vulnerability identifier: #VU74593
Vulnerability risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-269
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
GLPI
Web applications /
CRM systems
Vendor: glpi-project
Description
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to improper privilege management. A remote authenticated user can modify emails of any other user of the application, including administrator's email. This vulnerability can be used to take over an arbitrary account using the "forgotten password" feature and restoring the password to the modified email address.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
GLPI: 0.83 - 0.90.5, 9.1 - 9.5.12, 10.0.0 - 10.0.6
External links
http://github.com/glpi-project/glpi/releases/tag/9.5.13
http://github.com/glpi-project/glpi/releases/tag/10.0.7
http://github.com/glpi-project/glpi/security/advisories/GHSA-7pwm-pg76-3q9x
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
