CVE-2021-39209

More information about this CVE will likely be available in a few days.

Description

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.

Related CPE's

Could not find any relations

References

https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p

https://github.com/glpi-project/glpi/releases/tag/9.5.6

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io