Skip to content

Improper access to debug panel

Moderate
trasher published GHSA-6c2p-wgx9-vrjc Nov 3, 2022

Package

glpi (glpi)

Affected versions

>= 0.70

Patched versions

10.0.4

Description

Impact

Connected user may gain access to debug panel through the GLPI update script.

Patches

Upgrade to 10.0.4.

Workarounds

Delete the install/update.php script.

For more information

If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.

Severity

Moderate
4.3
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE ID

CVE-2022-39370

Weaknesses

Credits