CVE-2024-11955 Information

Feb 26, 2025 cve

Description

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference

https://github.com/glpi-project/glpi/releases/tag/10.0.18 https://github.com/glpi-project/glpi/security/advisories/GHSA-g5fm-jq4j-c2c7 https://vuldb.com/?ctiid.296809 https://vuldb.com/?id.296809 https://vuldb.com/?submit.451775

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3

Share on: