CVE-2024-47758

EPSS 0.45%
Veröffentlicht 11.12.2024 16:15:11
Zuletzt bearbeitet 06.02.2025 15:21:12
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Glpi-project ≫ Glpi Version >= 9.3.0 < 10.0.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.629

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	7.6	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/glpi-project/glpi/releases/tag/10.0.17

Release Notes

https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47758

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47758

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47758

EUVD