Description

GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.

Related CPE's

a

glpi-project

glpi

Vulnerable

References

https://github.com/glpi-project/glpi/releases/tag/9.5.6

Release NotesThird Party Advisory

https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777

Third Party Advisory

https://github.com/glpi-project/glpi/releases/tag/9.5.6

Release NotesThird Party Advisory

https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-74

[email protected]

Primary
CWE-74

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

6.8 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-09-15T15:15:10.337Z

4 years ago

Last modified

2024-11-21T05:18:55.037Z

1 year ago