36 vulnerabilities found for GLPI by GLPI
CERTFR-2026-AVI-0312
Vulnerability from certfr_avis - Published: 2026-03-18 - Updated: 2026-03-18
Multiple vulnerabilities have been discovered in GLPI. They allow an attacker to cause SQL injection (SQLi) and a security policy bypass.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "glpi versions 11.0.x ant\u00e9rieures \u00e0 11.0.6",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-25937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25937"
},
{
"name": "CVE-2026-25936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25936"
}
],
"initial_release_date": "2026-03-18T00:00:00",
"last_revision_date": "2026-03-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0312",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. Elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-qw3x-7vv2-7759",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qw3x-7vv2-7759"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-2g3p-vwp2-7qxm",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2g3p-vwp2-7qxm"
}
]
}
CERTFR-2026-AVI-0275
Vulnerability from certfr_avis - Published: 2026-03-12 - Updated: 2026-03-12
A vulnerability has been discovered in GLPI. It allows an attacker to cause remote arbitrary code execution.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions 11.0.x ant\u00e9rieures \u00e0 11.0.5",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-22248",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22248"
}
],
"initial_release_date": "2026-03-12T00:00:00",
"last_revision_date": "2026-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0275",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans GLPI. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans GLPI",
"vendor_advisories": [
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-c9q3-mcxq-9vr4",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c9q3-mcxq-9vr4"
}
]
}
CERTFR-2026-AVI-0117
Vulnerability from certfr_avis - Published: 2026-02-04 - Updated: 2026-02-04
Multiple vulnerabilities have been discovered in GLPI. Some of them allow an attacker to cause a breach of data confidentiality, SQL injection (SQLi) and server-side request forgery (SSRF).
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions post\u00e9rieures ou \u00e9gales \u00e0 0.71 et ant\u00e9rieures \u00e0 10.0.23",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
},
{
"description": "GLPI versions 11.0.x ant\u00e9rieures \u00e0 11.0.5",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23624",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23624"
},
{
"name": "CVE-2026-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22044"
},
{
"name": "CVE-2026-22247",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22247"
}
],
"initial_release_date": "2026-02-04T00:00:00",
"last_revision_date": "2026-02-04T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0117",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection SQL (SQLi) et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2026-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-569q-j526-w385",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-569q-j526-w385"
},
{
"published_at": "2026-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-5j4j-vx46-r477",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-5j4j-vx46-r477"
},
{
"published_at": "2026-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-f6f6-v3qr-9p5x",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-f6f6-v3qr-9p5x"
}
]
}
CERTFR-2026-AVI-0055
Vulnerability from certfr_avis - Published: 2026-01-16 - Updated: 2026-01-16
Multiple vulnerabilities have been discovered in GLPI. They allow an attacker to cause SQL injection (SQLi) and a security policy bypass.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "glpi versions ant\u00e9rieures \u00e0 10.0.21",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
},
{
"description": "glpi versions 11.0.x ant\u00e9rieures \u00e0 11.0.3",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-64516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64516"
},
{
"name": "CVE-2025-66417",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66417"
}
],
"initial_release_date": "2026-01-16T00:00:00",
"last_revision_date": "2026-01-16T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0055",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. Elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-p467-682w-9cc9",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p467-682w-9cc9"
},
{
"published_at": "2026-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-487h-7mxm-7r46",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-487h-7mxm-7r46"
}
]
}
CERTFR-2025-AVI-1117
Vulnerability from certfr_avis - Published: 2025-12-17 - Updated: 2025-12-17
Multiple vulnerabilities have been discovered in GLPI. They allow an attacker to cause cross-site scripting (XSS) and a security policy bypass.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions post\u00e9rieures ou \u00e9gales \u00e0 9.1.0 et ant\u00e9rieures \u00e0 10.0.21",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-59935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59935"
},
{
"name": "CVE-2025-64520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64520"
}
],
"initial_release_date": "2025-12-17T00:00:00",
"last_revision_date": "2025-12-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1117",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2025-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-j8vv-9f8m-r7jx",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j8vv-9f8m-r7jx"
},
{
"published_at": "2025-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-62p9-prpq-j62q",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-62p9-prpq-j62q"
}
]
}
CERTFR-2025-AVI-0735
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been discovered in GLPI. It allows an attacker to cause a security policy bypass.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions 10.0.x ant\u00e9rieures \u00e0 10.0.19",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53105"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0735",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans GLPI. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans GLPI",
"vendor_advisories": [
{
"published_at": "2025-08-27",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-334r-2682-95wc",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-334r-2682-95wc"
}
]
}
CERTFR-2025-AVI-0632
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GLPI. Some of them allow an attacker to cause a breach of data confidentiality, a breach of data integrity and server-side request forgery (SSRF).
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "glpi versions ant\u00e9rieures \u00e0 10.0.19",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53357",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53357"
},
{
"name": "CVE-2025-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53112"
},
{
"name": "CVE-2025-52567",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52567"
},
{
"name": "CVE-2025-53008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53008"
},
{
"name": "CVE-2025-27514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27514"
},
{
"name": "CVE-2025-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53111"
},
{
"name": "CVE-2025-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53113"
},
{
"name": "CVE-2025-52897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52897"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0632",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-x9mj-822q-6cf8",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-x9mj-822q-6cf8"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-52h8-76ph-4j9q",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-52h8-76ph-4j9q"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-jh8j-gqxc-6gqj",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-jh8j-gqxc-6gqj"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-rp7w-6343-3m2r",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-rp7w-6343-3m2r"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-p665-mqcr-j96j",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p665-mqcr-j96j"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-r2mm-6499-4m8j",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-r2mm-6499-4m8j"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-5mp6-mgmh-vrq7",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-5mp6-mgmh-vrq7"
},
{
"published_at": "2025-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-6whm-q2rp-prqm",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-6whm-q2rp-prqm"
}
]
}
CERTFR-2025-AVI-0219
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GLPI. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions ant\u00e9rieures \u00e0 10.0.18",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24801"
},
{
"name": "CVE-2025-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21619"
},
{
"name": "CVE-2025-24799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24799"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0219",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2025-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-pcmc-xv3g-hjxv",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-pcmc-xv3g-hjxv"
},
{
"published_at": "2025-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-g2p3-33ff-r555",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-g2p3-33ff-r555"
},
{
"published_at": "2025-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-jv89-g7f7-jwfg",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-jv89-g7f7-jwfg"
}
]
}
CERTFR-2025-AVI-0162
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GLPI. They allow an attacker to cause a breach of data confidentiality, cross-site scripting (XSS) and a security policy bypass.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions ant\u00e9rieures \u00e0 10.0.18",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25192"
},
{
"name": "CVE-2025-23046",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23046"
},
{
"name": "CVE-2025-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21626"
},
{
"name": "CVE-2025-21627",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21627"
},
{
"name": "CVE-2024-11955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11955"
},
{
"name": "CVE-2025-23024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23024"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0162",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-5vvr-pxwf-3w77",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-5vvr-pxwf-3w77"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-vfxc-qg3v-j2r5",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-vfxc-qg3v-j2r5"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-885x-hvp2-85q8",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-885x-hvp2-85q8"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-qm8p-jmj2-qfc2",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-qm8p-jmj2-qfc2"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-g5fm-jq4j-c2c7",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-g5fm-jq4j-c2c7"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-86cx-hcfc-8mm8",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-86cx-hcfc-8mm8"
}
]
}
CERTFR-2024-AVI-1064
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GLPI. Some of them allow an attacker to cause privilege escalation, a breach of data confidentiality and a breach of data integrity.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions ant\u00e9rieures \u00e0 10.0.17",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-50339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50339"
},
{
"name": "CVE-2024-47760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47760"
},
{
"name": "CVE-2024-47761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47761"
},
{
"name": "CVE-2024-48912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48912"
},
{
"name": "CVE-2024-47758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47758"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-v977-g4r9-6r72",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-v977-g4r9-6r72"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-x794-564w-vgxx",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-x794-564w-vgxx"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-vjmw-j32j-ph4f",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-3r4x-6pmx-phwr",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-r3mx-fr5f-gwgp",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-r3mx-fr5f-gwgp"
}
]
}
CERTFR-2024-AVI-0996
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GLPI. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality and cross-site scripting (XSS).
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions ant\u00e9rieures \u00e0 10.0.17",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41678"
},
{
"name": "CVE-2024-45611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45611"
},
{
"name": "CVE-2024-43416",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43416"
},
{
"name": "CVE-2024-43417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43417"
},
{
"name": "CVE-2024-41679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41679"
},
{
"name": "CVE-2024-45609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45609"
},
{
"name": "CVE-2024-40638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40638"
},
{
"name": "CVE-2024-45610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45610"
},
{
"name": "CVE-2024-43418",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43418"
},
{
"name": "CVE-2024-45608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45608"
},
{
"name": "CVE-2024-47759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47759"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0996",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-x8jv-fcwx-3x6m",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-x8jv-fcwx-3x6m"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-8843-r3m7-gfqx",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-8843-r3m7-gfqx"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-vvr8-chwj-9m4c",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-vvr8-chwj-9m4c"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-p633-wfj5-8x44",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p633-wfj5-8x44"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-j73h-x6j3-m479",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j73h-x6j3-m479"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-3j2f-3j4v-hppr",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3j2f-3j4v-hppr"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-xwmx-mmrf-hqf9",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-xwmx-mmrf-hqf9"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-hq9q-jfhp-qqgm",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-hq9q-jfhp-qqgm"
},
{
"published_at": "2024-11-17",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-j8gc-xpgr-2ww7",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-j8gc-xpgr-2ww7"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-67p8-v79j-jp86",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-67p8-v79j-jp86"
},
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-474f-9vpp-xxq5",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-474f-9vpp-xxq5"
}
]
}
CERTFR-2024-AVI-0566
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GLPI. They allow an attacker to cause remote arbitrary code execution and a compromise of data integrity.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "glpi versions post\u00e9rieures \u00e0 0.84 et ant\u00e9rieures \u00e0 10.0.16",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37147"
},
{
"name": "CVE-2024-37149",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37149"
},
{
"name": "CVE-2024-37148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37148"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0566",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans GLPI. lles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans GLPI",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-f2cg-fc85-ffmh",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-f2cg-fc85-ffmh"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-p626-hph9-p6fj",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p626-hph9-p6fj"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-cwvp-j887-m4xh",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-cwvp-j887-m4xh"
}
]
}
CERTFR-2024-AVI-0369
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GLPI products. They allow an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "glpi versions post\u00e9rieures \u00e0 9.3.0 et ant\u00e9rieures \u00e0 10.0.15",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-31456",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31456"
},
{
"name": "CVE-2024-29889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29889"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0369",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits GLPI\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits GLPI",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-8xvf-v6vv-r75g du 07 mai 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-8xvf-v6vv-r75g"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-gcj4-2cp3-6h5j du 07 mai 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-gcj4-2cp3-6h5j"
}
]
}
CERTFR-2024-AVI-0255
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability has been discovered in GLPI. It allows an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions 0.65 \u00e0 10.x ant\u00e9rieures \u00e0 10.0.13",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-27096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27096"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0255",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans GLPI. Elle permet \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans GLPI",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-2x8m-vrcm-2jqv du 18 mars 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2x8m-vrcm-2jqv"
}
]
}
CERTFR-2024-AVI-0231
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GLPI products. They allow an attacker to cause cross-site scripting (XSS), a compromise of data confidentiality and remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions ant\u00e9rieures \u00e0 10.0.13",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-27914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27914"
},
{
"name": "CVE-2024-27930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27930"
},
{
"name": "CVE-2024-27098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27098"
},
{
"name": "CVE-2024-27937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27937"
},
{
"name": "CVE-2024-27104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27104"
},
{
"name": "CVE-2024-27096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27096"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0231",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits GLPI\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une injection de code indirecte \u00e0 distance (XSS), une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits GLPI",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-prc3-cx5m-h5mj du 18 mars 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-rcxj-fqr4-q34r du 18 mars 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-rcxj-fqr4-q34r"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-98qw-hpg3-2hpj du 18 mars 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-98qw-hpg3-2hpj"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-2x8m-vrcm-2jqv du 18 mars 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2x8m-vrcm-2jqv"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-82vv-j9pr-qmwq du 18 mars 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-82vv-j9pr-qmwq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-92x4-q9w5-837w du 18 mars 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w"
}
]
}
CERTFR-2024-AVI-0087
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in GLPI products. They allow an attacker to cause a security policy bypass, a compromise of data confidentiality and cross-site scripting (XSS).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GLPI versions ant\u00e9rieures \u00e0 10.0.12",
"product": {
"name": "GLPI",
"vendor": {
"name": "GLPI",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-23645",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23645"
},
{
"name": "CVE-2023-51446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51446"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0087",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-01T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits GLPI\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits GLPI",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-2gj5-qpff-ff3x du 01 f\u00e9vrier 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 GLPI GHSA-p995-jmfv-c7r8 du 01 f\u00e9vrier 2024",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-p995-jmfv-c7r8"
}
]
}