Vulnerability CVE-2024-27098: Information
Description
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.
Published: March 18, 2024
Modified: March 18, 2024
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
glpi | sisyphus | 10.0.14-alt1 | 10.0.15-alt1 | ALT-PU-2024-4487-1 | 343562 | Fixed |
glpi | sisyphus_e2k | 10.0.14-alt1 | 10.0.15-alt1 | ALT-PU-2024-4589-1 | - | Fixed |
glpi | sisyphus_loongarch64 | 10.0.14-alt1 | 10.0.15-alt1 | ALT-PU-2024-4596-1 | - | Fixed |
glpi | p10 | 10.0.14-alt1 | 10.0.15-alt1 | ALT-PU-2024-4750-2 | 343937 | Fixed |
glpi | p10_e2k | 10.0.14-alt1 | 10.0.15-alt1 | ALT-PU-2024-4884-1 | - | Fixed |