GLPI-Project GLPI 10.0.17

CPE Details

GLPI-Project GLPI 10.0.17
glpi-project
glpi
10.0.17
2025-01-02
11h09 +00:00
2025-01-02
11h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:glpi-project:glpi:10.0.17:*:*:*:*:*:*:*

Informations

Vendor

glpi-project

Product

glpi

Version

10.0.17

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-25192 2025-02-25 17h58 +00:00 GLPI is a free asset and IT management software package. Prior to version 10.0.18, a low privileged user can enable debug mode and access sensitive information. Version 10.0.18 contains a patch. As a workaround, one may delete the `install/update.php` file.
6.5
Medium
CVE-2025-21626 2025-02-25 15h37 +00:00 GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers.
6.5
Medium
CVE-2024-11955 2025-02-25 15h07 +00:00 A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.
5.3
Medium