| ID |
CVE-2026-23624
|
| Sažetak |
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patched in versions . |
| Reference |
|
| CVSS |
| Base: | 4.3 |
| Impact: | 3.6 |
| Exploitability: | 0.7 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| PHYSICAL |
LOW |
LOW |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| HIGH |
NONE |
NONE |
|
| CVSS vektor |
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Zadnje važnije ažuriranje |
06-02-2026 - 21:18 |
| Objavljeno |
04-02-2026 - 18:16 |
