CVE-2024-43416Sensitive Information Exposure in Glpi

CWE-200Sensitive Information Exposure2 documents2 sources
Severity
5.3MEDIUMNVD
EPSS
24.4%
top 3.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Glpi-project Glpi
Timeline
PublishedNov 18

Description

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDglpi-project/glpi0.8010.0.17
CVEListV5glpi-project/glpi>= 0.80, < 10.0.17

Patches

Patch: github.com

🔴Vulnerability Details

1
OSV
CVE-2024-43416: GLPI is a free asset and IT management software package2024-11-18