Vulnerability DatabaseWS-2022-0368
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2022-0368
September 18, 2022
User's session persist after permanently deleting his account in glpi-project/glpi. If a user is logged in, and an admin decided to delete his account permanently, the user is still able to perform his normal actions until his session gets expired. If a logged in user with admin role is deleted permanently, he's still able to delete other admins permanently, and if they are not logged in at that moment, they won't be able to access their account in the future.
Related Resources (1)
https://github.com/glpi-project/glpi/commit/071c4eacb6476f8a2a41e07df595fdfd1d62a3f7
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.5
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE