2024-11-20
:
This vulnerability affects GLPI, an open-source IT management software. An authenticated user can exploit a weakness to bypass access controls, create a private RSS feed for another user, and potentially inject malicious code (stored XSS). Upgrading to GLPI version 10.0.17 is recommended.
Vulnerability Details:
Platform: GLPI
Version: All versions before 10.0.17 (vulnerable)
Vulnerability: Access Control Bypass (CVE-2024-45611)
Severity: Medium
Date: November 15, 2024 (Published)
What Undercode Says:
This vulnerability allows attackers with access to the system to potentially steal user data or inject malicious code that can further compromise the system. It’s crucial to upgrade GLPI to version 10.0.17 as soon as possible to mitigate this risk.
Additional Notes:
The NVD (National Vulnerability Database) entry for this vulnerability can be found here: [link to CVE details on NVD]
This vulnerability is classified as medium severity based on the CVSS scoring system.
Disclaimer:
This information is for educational purposes only. Please consult with a security professional for specific guidance on mitigating this vulnerability in your environment.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help