CVE-2023-41888

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 27, 2023

Updated: Sep 29, 2023

CWE ID 22

Summary

CVE-2023-41888 is a vulnerability affecting GLPI, a Free Asset and IT Management Software package. The weakness lies in the lack of path filtering on GLPI URLs, enabling an attacker to craft a malicious URL of the login page. This phishing attempt could potentially steal user credentials. Users are strongly advised to upgrade to GLPI version 10.0.10 to mitigate this risk. No known workarounds are available for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sj4IB4
https://www.cve.org/CVERecord?id=CVE-2023-41888
https://nvd.nist.gov/vuln/detail/CVE-2023-41888

Back to Vulnerability Database

CVE-2023-41888

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations