CVE-2011-2720 — Sensitive Information Exposure in Glpi

CWE-200 — Sensitive Information Exposure6 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.0%

top 22.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedAug 5

Latest updateMay 17

Description

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDglpi-project/glpi0.80.1+32

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-v8g3-5fhj-q8xr: The autocompletion functionality in GLPI before 0↗2022-05-17

▶

💬Community

Bugzilla

CVE-2011-2720 glpi: does not properly blacklist certain sensitive variables, like username and password [fedora-all]↗2011-07-27

▶

Bugzilla

CVE-2011-2720 glpi: does not properly blacklist certain sensitive variables, like username and password [epel-5]↗2011-07-27

▶

Bugzilla

CVE-2011-2720 glpi: does not properly blacklist certain sensitive variables, like username and password↗2011-07-27

▶

Bugzilla

CVE-2011-2720 glpi: does not properly blacklist certain sensitive variables, like username and password [epel-6]↗2011-07-27

▶