CVE-2020-15217

Опубликовано: 07 окт. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.

Ссылки

https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv
Third Party Advisory
https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2
Patch
Third Party Advisory
https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Версия от 9.5.0 (включая) до 9.5.2 (исключая)

EPSS

Процентиль: 46%

0.00234

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-15217

CVSS3: 5.3

ubuntu

больше 5 лет назад

CVE-2020-15217

CVSS3: 5.3

debian

больше 5 лет назад

In GLPI before version 9.5.2, there is a leakage of user information t ...

EPSS

Процентиль: 46%

0.00234

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-79