Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GLPI vulnerable to enumeration of users' email addresses by unauthenticated user
Vulnerability Description
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
GLPI 信息泄露漏洞
Vulnerability Description
GLPI是GLPI开源的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口,你可以用它来建立数据库全面管理IT的电脑,显示器,服务器,打印机,网络设备,电话,甚至硒鼓和墨盒等。 GLPI 0.80版本和10.0.17之前版本存在信息泄露漏洞,该漏洞源于未经身份验证的用户可以使用应用程序端点,来检查电子邮件地址是否与有效的用户相对应。
CVSS Information
N/A
Vulnerability Type
N/A