CVE-2023-35940

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 5, 2023

Updated: Jul 11, 2023

CWE ID 287

CWE ID 862

CWE ID 284

Summary

CVE-2023-35940 is a vulnerability affecting GLPI, a free asset and IT management software. In versions 9.5.0 and earlier than 10.0.8, an incorrect file access rights check allows unauthenticated users to gain access to dashboard data. This issue poses a potential security risk by enabling unauthorized access to sensitive information. GLPI recommends users to update to version 10.0.8 to apply the available patch and secure their systems against this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GLPI Project
Glpi-project GLPI

Affected Vendors

Teclib

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r4w94v
https://www.cve.org/CVERecord?id=CVE-2023-35940
https://nvd.nist.gov/vuln/detail/CVE-2023-35940

Back to Vulnerability Database