GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue.
References
Link | Resource |
---|---|
https://github.com/glpi-project/glpi/releases/tag/10.0.7 | Patch Release Notes |
https://github.com/glpi-project/glpi/releases/tag/9.5.13 | Patch Release Notes |
https://github.com/glpi-project/glpi/security/advisories/GHSA-65gq-p8hg-7m92 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-05T17:45:30.721Z
Updated: 2023-04-05T17:45:30.721Z
Reserved: 2023-03-24T16:25:34.467Z
Link: CVE-2023-28852
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-05T18:15:08.520
Modified: 2023-04-12T16:12:20.340
Link: CVE-2023-28852
JSON object: View
Redhat Information
No data.
CWE