Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit.
In case remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator.
Patches
Upgrade to 10.0.4.
For more information
If you have any questions or comments about this advisory:
mail us at glpi-security@ow2.org
Impact
Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit.
In case remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator.
Patches
Upgrade to 10.0.4.
For more information
If you have any questions or comments about this advisory:
mail us at glpi-security@ow2.org