Pluginsglpi Addressing vulnerabilities
2 known vulnerabilities affecting pluginsglpi/addressing.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2021-43779P2CRITICALCVSS 9.9fixed in 2.9.12022-01-05
CVE-2021-43779 [CRITICAL] CWE-20 CVE-2021-43779: GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and
nvd
CVE-2024-53850P3HIGHCVSS 8.2v>= 3.0.0 < 3.0.32024-12-26
CVE-2024-53850 [HIGH] CWE-470 CVE-2024-53850: The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free
The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI.
nvd