CVE-2024-11955 — Open Redirect in Glpi

CWE-601 — Open Redirect2 documents2 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 52.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glpi-project Glpi

Timeline

PublishedFeb 25

Description

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDglpi-project/glpi0.85 — 10.0.18

▶CVEListV5glpi-project/glpi18 versions+17

🔴Vulnerability Details

OSV

CVE-2024-11955: A vulnerability was found in GLPI up to 10↗2025-02-25

▶