Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GLPI is vulnerable to session stealing on externally authenticated user change
Vulnerability Description
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patched in versions .
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
会话固定
Vulnerability Title
GLPI 授权问题漏洞
Vulnerability Description
GLPI是GLPI开源的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口,你可以用它来建立数据库全面管理IT的电脑,显示器,服务器,打印机,网络设备,电话,甚至硒鼓和墨盒等。 GLPI 10.0.23之前版本和11.0.5之前版本存在授权问题漏洞,该漏洞源于远程身份验证时基于SSO变量的会话管理不当,可能导致会话劫持。
CVSS Information
N/A
Vulnerability Type
N/A