CVE-2024-11955
MEDIUMCVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Tags
Description
A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.
Analysis
A vulnerability was found in GLPI up to 10.0.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical Context
This vulnerability is classified as Open Redirect (CWE-601), which allows attackers to redirect users to malicious websites via URL manipulation. A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component. Affected products include: Glpi-Project Glpi. Version information: up to 10.0.17..
Affected Products
Glpi-Project Glpi.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate redirect destinations against an allowlist, avoid using user input in redirect URLs.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today