Maintainer Pavel Zilke in the p10 branch: Information
Maintainer name: Pavel Zilke (zidex)
Built source packages in this branch: 4
Last changes
Jul 25, 2024, 03:11 PM
#352991 sent by Pavel Zilke
security_fix
IT and asset management software
July 3, 2024 Pavel Zilke:
- New version 10.0.16
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2024-37148 : Account takeover via SQL Injection in AJAX scripts
  + CVE-2024-37149 : Remote code execution through the plugin loader
  + CVE-2024-37147 : Authenticated file upload to restricted tickets
May 2, 2024, 05:50 PM
#347218 sent by Pavel Zilke
security_fix
IT and asset management software
April 26, 2024 Pavel Zilke:
- New version 10.0.15
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2024-31456 Authenticated SQL injection from map search
  + CVE-2024-29889 Account takeover via SQL Injection in saved searches feature
Apr 1, 2024, 05:01 PM
#343937 sent by Pavel Zilke
security_fix
IT and asset management software
March 25, 2024 Pavel Zilke:
- New version 10.0.14
- Due to a few regressions in the last (10.0.13), an early release is available.
Feb 20, 2024, 04:13 PM
#340950 sent by Pavel Zilke
security_fix
IT and asset management software
Feb. 2, 2024 Pavel Zilke:
- New version 10.0.12
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2024-23645 : Reflected XSS in reports pages
  + CVE-2023-51446 : LDAP Injection during authentication
Dec 18, 2023, 09:34 PM
#336575 sent by Pavel Zilke
security_fix
IT and asset management software
Dec. 14, 2023 Pavel Zilke:
- New version 10.0.11
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-43813 : Authenticated SQL Injection
  + CVE-2023-46727 : SQL injection through inventory agent request
  + CVE-2023-46726 : Remote code execution from LDAP server configuration form on PHP 7.4
- Deleted glpi-php8.0
Jun 2, 2023, 05:09 PM
#322040 sent by Pavel Zilke
security_fix
IT and asset management software
May 27, 2023 Pavel Zilke:
- New version 9.5.13
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-28632 : Account takeover by authenticated user
  + CVE-2023-28838 : SQL injection through dynamic reports
  + CVE-2023-28852 : Stored XSS through dashboard administration
  + CVE-2023-28636 : Stored XSS on external links
  + CVE-2023-28639 : Reflected XSS in search pages
  + CVE-2023-28634 : Privilege Escalation from technician to super-admin
  + CVE-2023-28633 : Blind Server-Side Request Forgery (SSRF) in RSS feeds
Mar 22, 2023, 04:11 PM
#316955 sent by Pavel Zilke
security_fix
IT and asset management software
March 18, 2023 Pavel Zilke:
- New version 9.5.12
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-22722 : XSS on browse views
  + CVE-2023-22725 : XSS on external links
  + CVE-2023-23610 : Unauthorized access to data export
  + CVE-2022-41941 : Stored XSS inside Standard Interface Help Link href attribute
Nov 14, 2022, 08:57 PM
#309550 sent by Pavel Zilke
security_fix
IT and asset management software
Nov. 5, 2022 Pavel Zilke:
- New version 9.5.11
- Bugfix for previous release
Sep 16, 2022, 05:19 PM
#306811 sent by Pavel Zilke
critical_security_fix
IT and asset management software
Sept. 14, 2022 Pavel Zilke:
- New version 9.5.9
- This release fixes several critical security issues that have been recently discovered. Update is strongly recommended!
- Security fixes:
  + CVE-2022-35945 : XSS through registration API
  + CVE-2022-31143 : Leak of sensitive information through login page error
  + CVE-2022-35914 : [critical] Command injection using a third-party library script
  + CVE-2022-35946 : SQL injection through plugin controller
  + CVE-2022-35947 : [critical] Authentication via SQL injection
  + CVE-2022-36112 : Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
Jul 7, 2022, 12:16 PM
#303183 sent by Pavel Zilke
security_fix
IT and asset management software
July 4, 2022 Pavel Zilke:
- New version 9.5.8
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2022-31061 : SQL injection on login page
  + CVE-2022-24868 : XSS / open redirect via SVG file upload
  + CVE-2022-24869 : Cross Site CSS Injection
Mar 18, 2022, 09:57 PM
#296717 sent by Pavel Zilke
security_fix
IT and asset management software
Jan. 27, 2022 Pavel Zilke:
- New version 9.5.7
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2022-21720 : SQL injection using custom CSS administration form
  + CVE-2022-21719 : Reflected XSS using reload button
Oct 14, 2021, 07:08 PM
#287043 sent by Pavel Zilke
security_fix
IT and asset management software
Oct. 12, 2021 Pavel Zilke:
- New version 9.5.6
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint
  + CVE-2021-39210 : Autologin cookie accessible by scripts
  + CVE-2021-39209 : Bypassable CSRF protection on ajax endpoints
  + CVE-2021-39213 : Bypassable IP restriction on GLPI API using custom header injection