CVE-2023-53943 — Observable Discrepancy in Glpi

CWE-203 — Observable Discrepancy4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 80.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedDec 18

Description

GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

▶NVDglpi-project/glpi9.5.7

🔴Vulnerability Details

GHSA

GHSA-5w2x-g68p-qvmf: GLPI 9↗2025-12-18

▶

OSV

CVE-2023-53943: GLPI 9↗2025-12-18

▶

🕵️Threat Intelligence

Wiz

CVE-2023-53943 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶