Количество 5
Количество 5
CVE-2023-28634
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue.
CVE-2023-28634
GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue.
CVE-2023-28634
GLPI is a free asset and IT management software package. Starting in v ...
BDU:2023-03380
Уязвимость системы работы с заявками и инцидентами GLPI, связанная с неправильной авторизацией, позволяющая нарушителю повышать привилегии внутри приложения
ROS-20230619-01
Множественные уязвимости GLPI
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-28634 GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | CVSS3: 8.8 | 0% Низкий | около 2 лет назад |
 | CVE-2023-28634 GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | CVSS3: 8.8 | 0% Низкий | около 2 лет назад |
| CVE-2023-28634 GLPI is a free asset and IT management software package. Starting in v ... | CVSS3: 8.8 | 0% Низкий | около 2 лет назад |
 | BDU:2023-03380 Уязвимость системы работы с заявками и инцидентами GLPI, связанная с неправильной авторизацией, позволяющая нарушителю повышать привилегии внутри приложения | CVSS3: 8.8 | 0% Низкий | около 2 лет назад |
 | ROS-20230619-01 Множественные уязвимости GLPI | CVSS3: 10 | около 2 лет назад |
Уязвимостей на страницу