CVE-2021-21326

Sažetak

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4.

Reference

https://github.com/glpi-project/glpi/releases/tag/9.5.4
https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7wh

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

16-03-2021 - 21:01

Objavljeno

08-03-2021 - 17:15