Описание
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.
Ссылки
- ProductRelease Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 11.0.0 (включая) до 11.0.5 (исключая)
cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
EPSS
Процентиль: 3%
0.00015
Низкий
4.1 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 4.1
ubuntu
около 2 месяцев назад
GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.
CVSS3: 4.1
debian
около 2 месяцев назад
GLPI is a free asset and IT management software package. From version ...
EPSS
Процентиль: 3%
0.00015
Низкий
4.1 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-918