CVE-2019-10231

Опубликовано: 27 мар. 2019

Источник: debian

EPSS Низкий

Описание

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
glpi	removed			package

Примечания

https://github.com/glpi-project/glpi/pull/5520
Only supported behind an authenticated HTTP zone

EPSS

Процентиль: 54%

0.00313

Низкий

Связанные уязвимости

CVE-2019-10231

CVSS3: 9.8

ubuntu

почти 7 лет назад

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).

CVE-2019-10231

CVSS3: 9.8

nvd

почти 7 лет назад

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).

GHSA-rqpr-xfvf-qr4v

CVSS3: 9.8

github

больше 3 лет назад

Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).

EPSS

Процентиль: 54%

0.00313

Низкий