CVE-2019-10233

HIGH

GLPI < 9.4.1.1 - Timing Attack via Cookie

Title source: llm
STIX 2.1

Description

Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.

References (2)

Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/releases/tag/9.4.1.1
Patch, Third Party Advisory x_refsource_misc
https://github.com/glpi-project/glpi/pull/5562

Scores

CVSS v3 8.1
EPSS 0.0043
EPSS Percentile 63.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-203
Status published
Products (1)
glpi-project/glpi < 9.4.1.1
Published Mar 27, 2019
Tracked Since Feb 18, 2026