CVE-2024-27098

Опубликовано: 18 мар. 2024

Источник: nvd

CVSS3: 6.4

CVSS3: 9.6

EPSS Низкий

Описание

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.

Ссылки

https://github.com/glpi-project/glpi/commit/3b6bc1b4aa1f3693b20ada3425d2de5108522484
Patch
https://github.com/glpi-project/glpi/releases/tag/10.0.13
Release Notes
https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w
Vendor Advisory
https://github.com/glpi-project/glpi/commit/3b6bc1b4aa1f3693b20ada3425d2de5108522484
Patch
https://github.com/glpi-project/glpi/releases/tag/10.0.13
Release Notes
https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Версия от 9.5.0 (включая) до 10.0.13 (исключая)

EPSS

Процентиль: 38%

0.00164

Низкий

6.4 Medium

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-918

Связанные уязвимости

CVE-2024-27098

CVSS3: 6.4

ubuntu

больше 1 года назад

CVE-2024-27098

CVSS3: 6.4

debian

больше 1 года назад

GLPI is a Free Asset and IT Management Software package, Data center m ...

ROS-20240812-13

CVSS3: 8.1

redos

11 месяцев назад

Множественные уязвимости glpi

EPSS

Процентиль: 38%

0.00164

Низкий

6.4 Medium

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-918