CVE-2024-27930

MEDIUM

Glpi < 10.0.13 - Improper Authorization

Title source: rule
STIX 2.1

Description

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.

References (4)

Core 4

Scores

CVSS v3 6.5
EPSS 0.0049
EPSS Percentile 65.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-285
Status published
Products (1)
glpi-project/glpi 0.78 - 10.0.13
Published Mar 18, 2024
Tracked Since Feb 18, 2026