Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-28633

Опубликовано: 05 апр. 2023
Источник: debian
EPSS Низкий

Описание

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glpiremovedpackage

Примечания

  • Only supported behind an authenticated HTTP zone

EPSS

Процентиль: 43%
0.00205
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-28633

CVSS3: 3.5
ubuntu
больше 2 лет назад

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue.

nvd логотип

CVE-2023-28633

CVSS3: 3.5
nvd
больше 2 лет назад

GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue.

fstec логотип

BDU:2023-03382

CVSS3: 3.5
fstec
больше 2 лет назад

Уязвимость системы работы с заявками и инцидентами GLPI, связанная с подделкой запроса на стороне сервера, позволяющая нарушителю выполнять SSRF-атаки

redos логотип

ROS-20230619-01

CVSS3: 10
redos
больше 2 лет назад

Множественные уязвимости GLPI

EPSS

Процентиль: 43%
0.00205
Низкий