| |
Vulnerability CVE-2023-41326
Published: 2023-09-27
| Description: |
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end-up with stealing its account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. |
Type:
CWE-269 (Improper Privilege Management)
References: |
https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
