CVE-2024-27930

MEDIUM

GLPI 0.78-10.0.12 - Authenticated Sensitive Data Exposure via Item Field Access

Title source: llm
STIX 2.1

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.

References (4)

Core 4

Scores

CVSS v3 6.5
EPSS 0.0115
EPSS Percentile 62.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-285
Status published
Products (1)
glpi-project/glpi 0.78 - 10.0.13
Published Mar 18, 2024
Tracked Since Feb 18, 2026