Unauthorized access to inventory files
Package
glpi
(glpi)
Affected versions
>= 10.0.0
Patched versions
10.0.6
Description
Credits
-
cedric-anne Analyst
cedric-anne
Analyst
Impact
This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbile by unauthenticated users.
Patches
Upgrade to 10.0.6.
Workarounds
Disable native inventory and delete inventory files from server (default location is
files/_inventory).For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.