Home > Vulnerability Database > CVE-2023-22500

Mend.io Vulnerability Database

CVE-2023-22500

Good to know:

Date: January 26, 2023

GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allow unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessbile by unauthenticated users. This issue is patched in version 10.0.6. As a workaround, disable native inventory and delete inventory files from server (default location is `files/_inventory`).

Language: PHP

Severity Score

7.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-22500

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2023-22500

Url: https://github.com/glpi-project/glpi/commit/03ee5408f12acf211e440de221e499ef2d62e9c5

Url: https://www.cve.org/CVERecord?id=CVE-2023-22500

Url: https://github.com/glpi-project/glpi/security/advisories/GHSA-3ghv-p34r-5ghx

Url: https://www.mend.io/vulnerability-database/CVE-2023-22500

Severity Score

7.5

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 10.0.6

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-22500

Good to know:

Date: January 26, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?