CNNVD-202601-2609 Information

CNNVD ID

CNNVD-202601-2609

CVE-2025-64516

  • CNNVD Published: 2026-01-15

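Description (translated from Chinese)

GLPI is an open-source IT and asset management application from the GLPI project. It provides a full-featured IT resource management interface that you can use to build a database for managing computers, monitors, servers, printers, network devices, telephones, and even toner and ink cartridges. GLPI versions before 10.0.21 and before 11.0.3 contain a security vulnerability: unauthorized users can access attached documents, which may lead to information disclosure.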

Description (English)

GLPI is open-source IT and asset management software from the GLPI project. The software provides a full-featured IT resource management interface, which you can use to build a database for managing computers, monitors, servers, printers, network equipment, telephones, and even toner and ink cartridges. GLPI versions before 10.0.21 and before 11.0.3 contain a security vulnerability that allows unauthorized users to access attached documents, which may lead to information disclosure.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

GLPI

Published

2026-01-15

Last Modified

2026-02-24

References

  • https://github.com/glpi-project/glpi/commit/51412a89d3174cfe22967b051d527febdbceab3c
  • https://github.com/glpi-project/glpi/commit/ee7ee28e0645198311c0a9e0c4e4b712b8788e27
  • https://github.com/glpi-project/glpi/releases/tag/10.0.21
  • https://github.com/glpi-project/glpi/releases/tag/11.0.3
  • https://github.com/glpi-project/glpi/security/advisories/GHSA-487h-7mxm-7r46

Patch

https://github.com/glpi-project/glpi/releases
