CVE-2024-38370

Published: Nov 15, 2024Modified: Feb 10, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16.

Affected (1)

Products: Glpi Project: Glpi

Glpi Project

1 product

Glpi

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Glpi Project Glpi	From 9.2.0 to 10.0.16

Related CWEs

CWE-285

Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (1)

https://github.com/glpi-project/glpi/security/advisories/GHSA-xrm2-m72w-w4x4

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.