glpi-project

glpi

94 Versions 119 CVEs

Versions

Recent CVEs

CVE-2024-50339

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue.

UNKNOWN Dec 11, 2024

CVE-2024-48912

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.

UNKNOWN Dec 11, 2024

CVE-2024-47761

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

UNKNOWN Dec 11, 2024

CVE-2024-47760

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue.

UNKNOWN Dec 11, 2024

CVE-2024-47758

GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue.

UNKNOWN Dec 11, 2024

CVE-2024-43416

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue.

HIGH Nov 18, 2024

CVE-2024-45610

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vulnerability located in the Cable form. Upgrade to 10.0.17.

MEDIUM Nov 15, 2024

glpi

Versions

>9.1, < 9.4.6

< 9.5.0

> 0.83.3, < 9.4.6

>= 9.1, < 9.5.2

< 10.0.3

>= 0.70, < 10.0.12

>= 10.0.8, < 10.0.13

9.5.0

>= 9.3.0, < 10.0.10

>= 9.5.0, < 10.0.17

>=0.60, < 10.0.6

>= 0.65, < 10.0.17

>= 0.70, < 10.0.4

>= 0.50, < 10.0.17

>= 10.0.0, < 10.0.10

>= 10.0.0, < 10.0.17

>= 10.0.0, < 10.0.13

>= 0.65, < 10.0.4

>= 0.70, < 10.0.17

>= 9.1, < 9.5.6

10.0.12

>= 0.65, < 9.5.2

>= 0.65, < 10.0.12

>= 0.85, < 10.0.17

10.0.10

>= 9.5.0, < 10.0.13

>= 9.5.0, < 10.0.10

>= 0.84, < 10.0.17

>=9.5.0, < 10.0.3

>= 9.1.1, < 10.0.10

>= 0.84, < 10.0.16

>= 9.4.0, < 10.0.8

>= 0.65, < 10.0.13

>= 10.0.0, < 10.0.2

>= 10.0.0, < 10.0.6

9.2.0

>= 0.80, < 10.0.17

>= 9.1.0, < 10.0.17

>= 0.6.8, < 9.5.2

>= 9.5.0, < 9.5.13

>= 9.3.0, < 10.0.17

0.85

0

>= 9.5.0, < 9.5.2

< 10.0.15

>= 0.80, < 10.0.8

>= 9.3.0, < 9.5.8

0.80

>= 9.5.0, < 10.0.9

>= 0.60, < 10.0.4

>= 10.0.0, < 10.0.4

< 9.4.6

= 9.5.3

>= 10.0.7, < 10.0.10

>= 0.83, < 9.5.13

>= 10.0.8, < 10.0.10

< 9.5.2

< 9.5.3

>= 9.5.0, < 10.0.8

< 9.5.4

>= 10.0.0, 10.0.6

>= 0.50, < 9.5.13

>= 0.68, < 10.0.8

>= 0.72, < 10.0.3

>= 0.85, < 10.0.16

0.84

>= 9.2.0, < 10.0.16

< 9.5.6

< 10.0.1

>= 9.2.0, < 10.0.8

>=10.0.0, < 10.0.2

>= 9.1.0, < 10.0.10

>= 9.2, < 9.5.6

>= 9.5.0, < 9.5.4

< 10.0.6

< 9.5.1

>= 0.60, < 9.5.13

>= 10.0.0, < 10.0.8