Vulnerability Details CVE-2021-30144
The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.3%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2021-30144
-
cpe:2.3:a:glpi-project:dashboard:0.8.8
-
cpe:2.3:a:glpi-project:dashboard:0.8.9
-
cpe:2.3:a:glpi-project:dashboard:0.9.0
-
cpe:2.3:a:glpi-project:dashboard:0.9.1
-
cpe:2.3:a:glpi-project:dashboard:0.9.2
-
cpe:2.3:a:glpi-project:dashboard:0.9.3
-
cpe:2.3:a:glpi-project:dashboard:0.9.4
-
cpe:2.3:a:glpi-project:dashboard:0.9.6
-
cpe:2.3:a:glpi-project:dashboard:0.9.7
-
cpe:2.3:a:glpi-project:dashboard:0.9.8
-
cpe:2.3:a:glpi-project:dashboard:0.9.9
-
cpe:2.3:a:glpi-project:dashboard:1.0.1
-
cpe:2.3:a:glpi-project:dashboard:1.0.2