CVE-2023-51446

Опубликовано: 01 фев. 2024

Источник: nvd

CVSS3: 5.9

CVSS3: 8.1

EPSS Низкий

Описание

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.

Ссылки

https://github.com/glpi-project/glpi/commit/58c67d78f2e3ad08264213e9aaf56eab3c9ded35
Patch
https://github.com/glpi-project/glpi/releases/tag/10.0.12
Patch
Release Notes
https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8
Vendor Advisory
https://github.com/glpi-project/glpi/commit/58c67d78f2e3ad08264213e9aaf56eab3c9ded35
Patch
https://github.com/glpi-project/glpi/releases/tag/10.0.12
Patch
Release Notes
https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Версия от 0.70 (включая) до 10.0.12 (исключая)

EPSS

Процентиль: 68%

0.00568

Низкий

5.9 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-74

Связанные уязвимости

CVE-2023-51446

CVSS3: 5.9

ubuntu

больше 1 года назад

GLPI is a Free Asset and IT Management Software package. When authentication is made against a LDAP, the authentication form can be used to perform LDAP injection. Upgrade to 10.0.12.

CVE-2023-51446

CVSS3: 5.9

debian

больше 1 года назад

GLPI is a Free Asset and IT Management Software package. When authenti ...

ROS-20240812-13

CVSS3: 8.1

redos

11 месяцев назад

Множественные уязвимости glpi

EPSS

Процентиль: 68%

0.00568

Низкий

5.9 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-74