CVE-2024-48912

EPSS 0.26%
Published 11.12.2024 17:15:17
Last modified 10.01.2025 19:37:41
Source security-advisories@github.com
Teams watchlist Login
Open Login

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Glpi-project ≫ Glpi Version >= 10.0.0 < 10.0.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.494

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
security-advisories@github.com	7.2	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/glpi-project/glpi/releases/tag/10.0.17

Release Notes

https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-48912

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-48912

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-48912

EUVD