Vulnerability Description
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Glpi-Project | Glpi | < 9.5.4 |
Related Weaknesses (CWE)
References
- https://github.com/glpi-project/glpi/releases/tag/9.5.4Release NotesThird Party Advisory
- https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7whThird Party Advisory
- https://github.com/glpi-project/glpi/releases/tag/9.5.4Release NotesThird Party Advisory
- https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7whThird Party Advisory
FAQ
What is CVE-2021-21326?
CVE-2021-21326 is a vulnerability with a CVSS score of 7.7 (HIGH). GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create...
How severe is CVE-2021-21326?
CVE-2021-21326 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21326?
Check the references section above for vendor advisories and patch information. Affected products include: Glpi-Project Glpi.