Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
References
Link | Resource |
---|---|
https://github.com/glpi-project/glpi/pull/5520 | Patch Third Party Advisory |
https://github.com/glpi-project/glpi/releases/tag/9.4.1.1 | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-27T16:22:43
Updated: 2019-03-27T16:22:43
Reserved: 2019-03-27T00:00:00
Link: CVE-2019-10231
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-27T17:29:02.293
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-10231
JSON object: View
Redhat Information
No data.
CWE