Vulnerability CVE-2024-11955: Information

Description

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. Manipulating the argument redirect leads to an open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 addresses this issue. It is recommended to upgrade the affected component.

Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Published: Feb. 25, 2025
Modified: March 4, 2025
Error type identifier: CWE-601

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| glpi | sisyphus | 10.0.18-alt1 | 10.0.18-alt1 | ALT-PU-2025-4052-1 | 377585 | Fixed |
| glpi | sisyphus_e2k | 10.0.18-alt1 | 10.0.18-alt1 | ALT-PU-2025-4342-1 | - | Fixed |
| glpi | sisyphus_riscv64 | 10.0.18-alt1 | 10.0.18-alt1 | ALT-PU-2025-4139-1 | - | Fixed |
| glpi | sisyphus_loongarch64 | 10.0.18-alt1 | 10.0.18-alt1 | ALT-PU-2025-4148-1 | - | Fixed |
| glpi | p11 | 10.0.18-alt1 | 10.0.18-alt1 | ALT-PU-2025-4115-2 | 377682 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
      Start including: 0.85
      End excluding: 10.0.18