GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 0.78 through 10.0.18, a connected user can alter the reservations of another user. This is fixed in version 10.0.19.
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Link | Tags |
---|---|
https://github.com/glpi-project/glpi/security/advisories/GHSA-x9mj-822q-6cf8 | vendor advisory |