Home > Vulnerability Database > WS-2022-0368

Mend.io Vulnerability Database

WS-2022-0368

Good to know:

Date: September 18, 2022

User's session persist after permanently deleting his account in glpi-project/glpi. If a user is logged in, and an admin decided to delete his account permanently, the user is still able to perform his normal actions until his session gets expired. If a logged in user with admin role is deleted permanently, he's still able to delete other admins permanently, and if they are not logged in at that moment, they won't be able to access their account in the future.

Language: PHP

Severity Score

6.5

Related Resources (2)

Url: https://github.com/glpi-project/glpi/commit/071c4eacb6476f8a2a41e07df595fdfd1d62a3f7

Url: https://www.mend.io/vulnerability-database/WS-2022-0368

Severity Score

6.5

Weakness Type (CWE)

Insufficient Session Expiration

CWE-613

Top Fix

Upgrade Version

Upgrade to version 10.0.4

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2022-0368

Good to know:

Date: September 18, 2022

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?