Description
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| glpi-project | glpi | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-24350 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13. |
References
History
Thu, 02 Jan 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Glpi-project
Glpi-project glpi |
|
| CPEs | cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Glpi-project
Glpi-project glpi |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T00:27:59.073Z
Reserved: 2024-02-19T14:43:05.993Z
Link: CVE-2024-27098
Vulnrichment
Updated: 2024-08-02T00:27:59.073Z
NVD
Status : Analyzed
Published: 2024-03-18T17:15:06.593
Modified: 2025-01-02T15:53:19.737
Link: CVE-2024-27098
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses