CVE-2020-27663

Опубликовано: 26 нояб. 2020

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).

Ссылки

https://github.com/glpi-project/glpi/security/advisories/GHSA-pqfv-4pvr-55r4
Third Party Advisory
https://github.com/glpi-project/glpi/security/advisories/GHSA-pqfv-4pvr-55r4
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Версия до 9.5.3 (исключая)

EPSS

Процентиль: 46%

0.00231

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

CVE-2020-27663

CVSS3: 4.3

ubuntu

около 5 лет назад

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).

CVE-2020-27663

CVSS3: 4.3

debian

около 5 лет назад

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct ...

EPSS

Процентиль: 46%

0.00231

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-639