Package glpi: Information
Default inline alert: Version in the repository: 10.0.15-alt1
Source package: glpi
Version: 9.5.6-alt1
Build time: Oct 13, 2021, 02:39 AM in the task #286922
Category: Networking/Other
Report package bugHome page: http://www.glpi-project.org
License: GPLv2
Summary: IT and asset management software
Description:
GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.
Maintainer: Pavel Zilke
Last changed
Oct. 12, 2021 Pavel Zilke 9.5.6-alt1
- New version 9.5.6 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint + CVE-2021-39210 : Autologin cookie accessible by scripts + CVE-2021-39209 : Bypassable CSRF protection on ajax endpoints + CVE-2021-39213 : Bypassable IP restriction on GLPI API using custom header injection
May 13, 2021 Pavel Zilke 9.5.5-alt1
- New version 9.5.5 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-3486 : Stored XSS in plugins information
March 31, 2021 Pavel Zilke 9.5.4-alt1
- New version 9.5.4 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-21326 : Horizontal Privilege Escalation + CVE-2021-21255 : entities switch IDOR + CVE-2021-21258 : XSS injection in ajax/kanban + CVE-2021-21314 : XSS injection on ticket update + CVE-2021-21312 : Stored XSS on documents + CVE-2021-21313 : XSS on tabs + CVE-2021-21325 : Stored XSS in budget type + CVE-2021-21327 : Unsafe Reflection in getItemForItemtype() + CVE-2021-21324 : Insecure Direct Object Reference (IDOR) on "Solutions"