CVE-2014-5032
published 2015-04-14CVE-2014-5032: GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria…
PriorityP422medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
2.12%
79.6th percentile
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glpi-project | glpi | <= 0.84.6 | — |
| glpi-project | glpi | >= 0 < 0.84.8+dfsg.1-1 | 0.84.8+dfsg.1-1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j5q8-29xm-2qr8: GLPI before 0
ghsa_unreviewed·2022-05-17
CVE-2014-5032 [MEDIUM] GHSA-j5q8-29xm-2qr8: GLPI before 0
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
OSV
CVE-2014-5032: GLPI before 0
osv·2015-04-14·CVSS 5.0
CVE-2014-5032 [MEDIUM] CVE-2014-5032: GLPI before 0
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
No detection rules found.
No public exploits indexed.
http://advisories.mageia.org/MGASA-2015-0017.htmlhttp://www.glpi-project.org/spip.php?page=annonce&id_breve=325http://www.mandriva.com/security/advisories?name=MDVSA-2015:167https://forge.indepnet.net/issues/4984http://advisories.mageia.org/MGASA-2015-0017.htmlhttp://www.glpi-project.org/spip.php?page=annonce&id_breve=325http://www.mandriva.com/security/advisories?name=MDVSA-2015:167https://forge.indepnet.net/issues/4984
2015-04-14
Published