CVE-2024-27098 Information

Description

GLPI is a Free Asset and IT Management Software package Data center management ITIL Service Desk licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.

Reference

https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w https://github.com/glpi-project/glpi/commit/3b6bc1b4aa1f3693b20ada3425d2de5108522484 https://github.com/glpi-project/glpi/releases/tag/10.0.13