CVE-2014-5032
GLPI < 0.84.6 - Unauthenticated Sensitive Information Exposure via Search Bar Cost Criteria
Title source: llmDescription
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:167
Various Sources x_refsource_confirm
http://www.glpi-project.org/spip.php?page=annonce&id_breve=325
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2015-0017.html
Issue Tracking x_refsource_confirm
https://forge.indepnet.net/issues/4984
Scores
EPSS
0.0039
EPSS Percentile
60.0%
Details
CWE
CWE-264
Status
published
Products (1)
glpi-project/glpi
< 0.84.6
Published
Apr 14, 2015
Tracked Since
Feb 18, 2026