Vulnerability CVE-2021-21326: Information

Description

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-21326
Published: March 8, 2021
Modified: March 17, 2021
Error type identifier: CWE-862

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glpisisyphus9.5.4-alt110.0.15-alt1ALT-PU-2021-1583-1268732Fixed
glpip109.5.4-alt110.0.15-alt1ALT-PU-2021-1583-1268732Fixed
glpip99.5.4-alt19.5.13-alt1ALT-PU-2021-1660-1269862Fixed
glpic10f19.5.4-alt110.0.15-alt1ALT-PU-2021-1583-1268732Fixed
glpic9f29.5.13-alt19.5.13-alt1ALT-PU-2024-8094-3348598Fixed
glpip119.5.4-alt110.0.15-alt1ALT-PU-2021-1583-1268732Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7wh
  • Third Party Advisory
https://github.com/glpi-project/glpi/releases/tag/9.5.4
  • Release Notes
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
      End excliding
      9.5.4
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top