Package glpi: Information
Source package: glpi
Version: 10.0.18-alt1
Build time: Mar 11, 2025, 01:31 AM in the task #377585
Category: Networking/Other
Home page: http://www.glpi-project.org
License: GPLv3
Summary: IT and asset management software
Description:
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.
List of RPM packages built from this SRPM:
glpi (noarch)
glpi-apache2 (noarch)
glpi-php8.1 (noarch)
glpi-php8.2 (noarch)
glpi-php8.3 (noarch)
Maintainer: Pavel Zilke
Last changed
Feb. 12, 2025 Pavel Zilke 10.0.18-alt1
- New version 10.0.18
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2025-24799 : Unauthenticated SQL injection through the inventory endpoint
  + CVE-2025-24801 : Authenticated Remote code execution
  + CVE-2025-21619 : SQL injection through the rules configuration
  + CVE-2024-11955 : Open Redirection
  + CVE-2025-21627 : Reflected XSS in search page
  + CVE-2025-21626 : Exposure of sensitive information in the status.php endpoint
  + CVE-2025-23024 : Plugins disabled by unauthenticated user
  + CVE-2025-23046 : Unauthorized authentication by email using the OAuthIMAP plugin
  + CVE-2025-25192 : Unauthorized access to debug mode
Nov. 8, 2024 Pavel Zilke 10.0.17-alt1
- New version 10.0.17
- Added glpi-php8.3
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2024-50339 : Unauthenticated session hijacking
  + CVE-2024-40638 : Account takeover through SQL injection
  + CVE-2024-43416 : Users email enumeration by unauthenticated user
  + CVE-2024-47758 : Account takeover without privilege escalation through the API
  + CVE-2024-47761 : Account takeover via the password reset feature
  + CVE-2024-47760 : Account takeover via API
  + CVE-2024-48912 : Insecure account deletion by authenticated user
  + CVE-2024-45608 : Authenticated SQL Injection
  + CVE-2024-41679 : Authenticated SQL injection in ticket form
  + CVE-2024-45611 : Stored XSS in RSS feeds
  + CVE-2024-47759 : Stored XSS via document upload
  + CVE-2024-43417 : Reflected XSS
  + CVE-2024-43418 : Reflected XSS
  + CVE-2024-45609 : Reflected XSS
  + CVE-2024-45610 : Reflected XSS
  + CVE-2024-41678 : Reflected XSS
July 3, 2024 Pavel Zilke 10.0.16-alt1
- New version 10.0.16
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2024-37148 : Account takeover via SQL Injection in AJAX scripts
  + CVE-2024-37149 : Remote code execution through the plugin loader
  + CVE-2024-37147 : Authenticated file upload to restricted tickets