Vulnerability Description
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may allow for a cross site scripting attack vector. This issue is partially mitigated by cors security of browsers, though users are still advised to upgrade.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Glpi-Project | Glpi | <= 0.90 |
Related Weaknesses (CWE)
References
- https://github.com/glpi-project/glpi/blob/10.0/bugfixes/CHANGELOG.md#1000-2022-0Release NotesThird Party Advisory
- https://github.com/glpi-project/glpi/commit/ac9f1f03c5d2545b7e290197dbfebc3f752fPatchThird Party Advisory
- https://github.com/glpi-project/glpi/releases/tag/10.0.0Release NotesThird Party Advisory
- https://github.com/glpi-project/glpi/security/advisories/GHSA-p94c-8qp5-gfpxThird Party Advisory
- https://github.com/glpi-project/glpi/blob/10.0/bugfixes/CHANGELOG.md#1000-2022-0Release NotesThird Party Advisory
- https://github.com/glpi-project/glpi/commit/ac9f1f03c5d2545b7e290197dbfebc3f752fPatchThird Party Advisory
- https://github.com/glpi-project/glpi/releases/tag/10.0.0Release NotesThird Party Advisory
- https://github.com/glpi-project/glpi/security/advisories/GHSA-p94c-8qp5-gfpxThird Party Advisory
FAQ
What is CVE-2022-24869?
CVE-2022-24869 is a vulnerability with a CVSS score of 4.6 (MEDIUM). GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followups o...
How severe is CVE-2022-24869?
CVE-2022-24869 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24869?
Check the references section above for vendor advisories and patch information. Affected products include: Glpi-Project Glpi.