Home > Vulnerability Database > CVE-2023-23610

Mend.io Vulnerability Database

CVE-2023-23610

Date: January 25, 2023

GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those on which user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.

Language: PHP

Severity Score

6.5

Related Resources (6)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2023-23610

Url: https://www.cve.org/CVERecord?id=CVE-2023-23610

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-23610

Url: https://github.com/glpi-project/glpi/commit/09dbd1d3fc8333c0bad1bd4edcd199d8378447f0

Url: https://github.com/glpi-project/glpi/security/advisories/GHSA-6565-hm87-24hf

Url: https://www.mend.io/vulnerability-database/CVE-2023-23610

Severity Score

6.5

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Incorrect Permission Assignment for Critical Resource

CWE-732

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-23610

Date: January 25, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?