Опубликовано: 05 мая 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.4
CVSS3: 7.5
Описание
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| eoan | DNE | |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE |
Показывать по
10
EPSS
Процентиль: 47%
0.00244
Низкий
6.4 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
почти 6 лет назад
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.
CVSS3: 7.5
debian
почти 6 лет назад
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens ...
EPSS
Процентиль: 47%
0.00244
Низкий
6.4 Medium
CVSS2
7.5 High
CVSS3