CVE-2024-47758

EPSS 0.31%
Published 11.12.2024 16:15:11
Last modified 06.02.2025 15:21:12
Source security-advisories@github.com
Teams watchlist Login
Open Login

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Glpi-project ≫ Glpi Version >= 9.3.0 < 10.0.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.31%	0.54

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	7.6	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/glpi-project/glpi/releases/tag/10.0.17

Release Notes

https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47758

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47758

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47758

EUVD