Glpi-Project >> Glpi >> 9.5.5 Security Vulnerabilities
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.
CVSS Score: 6.8
EPSS Score: 0.004
Published: 2021-09-15
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2021-09-15

