CVE-2014-5032 — Glpi vulnerability

CWE-2644 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 40.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedApr 14

Latest updateMay 17

Description

GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Ubuntuglpi-project/glpi< 0.84.8+dfsg.1-1

▶NVDglpi-project/glpi0.84.6

🔴Vulnerability Details

GHSA

GHSA-j5q8-29xm-2qr8: GLPI before 0↗2022-05-17

▶

OSV

CVE-2014-5032: GLPI before 0↗2015-04-14

▶

💬Community

Bugzilla

CVE-2014-5032 glpi: cost information disclore vulnerability↗2014-07-22

▶