Search criteria
2 vulnerabilities found for escalade by pluginsGLPI
CVE-2025-27153 (GCVE-0-2025-27153)
Vulnerability from cvelistv5 – Published: 2025-07-01 18:27 – Updated: 2025-07-01 19:35
VLAI?
Title
Escalade GLPI Plugin Vulnerable to Improper Access Control
Summary
Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11.
Severity ?
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pluginsGLPI | escalade |
Affected:
< 2.9.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T19:34:37.266649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T19:35:43.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "escalade",
"vendor": "pluginsGLPI",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:27:50.677Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9"
},
{
"name": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11"
}
],
"source": {
"advisory": "GHSA-pvqv-8r3r-47m9",
"discovery": "UNKNOWN"
},
"title": "Escalade GLPI Plugin Vulnerable to Improper Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27153",
"datePublished": "2025-07-01T18:27:50.677Z",
"dateReserved": "2025-02-19T16:30:47.780Z",
"dateUpdated": "2025-07-01T19:35:43.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27153 (GCVE-0-2025-27153)
Vulnerability from nvd – Published: 2025-07-01 18:27 – Updated: 2025-07-01 19:35
VLAI?
Title
Escalade GLPI Plugin Vulnerable to Improper Access Control
Summary
Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11.
Severity ?
6.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| pluginsGLPI | escalade |
Affected:
< 2.9.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27153",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T19:34:37.266649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T19:35:43.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "escalade",
"vendor": "pluginsGLPI",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure and workflow disruptions. This issue has been patched in version 2.9.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:27:50.677Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pluginsGLPI/escalade/security/advisories/GHSA-pvqv-8r3r-47m9"
},
{
"name": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pluginsGLPI/escalade/releases/tag/2.9.11"
}
],
"source": {
"advisory": "GHSA-pvqv-8r3r-47m9",
"discovery": "UNKNOWN"
},
"title": "Escalade GLPI Plugin Vulnerable to Improper Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-27153",
"datePublished": "2025-07-01T18:27:50.677Z",
"dateReserved": "2025-02-19T16:30:47.780Z",
"dateUpdated": "2025-07-01T19:35:43.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}