In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.
References
Link | Resource |
---|---|
https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2 | Patch Third Party Advisory |
https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-10-07T19:10:13
Updated: 2020-10-07T19:10:13
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15217
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-07T19:15:12.907
Modified: 2020-10-16T15:19:52.210
Link: CVE-2020-15217
JSON object: View
Redhat Information
No data.
CWE