CNNVD-202602-603 Information
CNNVD ID
CNNVD-202602-603
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
GLPI是GLPI开源的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口,你可以用它来建立数据库全面管理IT的电脑,显示器,服务器,打印机,网络设备,电话,甚至硒鼓和墨盒等。 GLPI 10.0.23之前版本和11.0.5之前版本存在授权问题漏洞,该漏洞源于远程身份验证时基于SSO变量的会话管理不当,可能导致会话劫持。
Description (English)
GLPI is an open-source IT and asset management software for GLPI. The software provides a fully functional IT resource management interface, which you can use to create a database that fully manages IT computers, monitors, servers, printers, network equipment, telephones, even selenium drums and cartridges. There is a mandate gap in the pre-GLPI version 10.0.23 and in the pre-version version 11.0.5, which stems from the mismanagement of sessions based on SSO variables at the time of remote authentication, which may lead to the hijacking of conversations.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
GLPI
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/glpi-project/glpi/releases/tag/11.0.5 https://github.com/glpi-project/glpi/releases/tag/10.0.23 https://github.com/glpi-project/glpi/security/advisories/GHSA-5j4j-vx46-r477 https://access.redhat.com/security/cve/cve-2026-23624
Patch
https://github.com/glpi-project/glpi/releases
Share on: