You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2023-04-05 15:59:42

francois-teclib
Expert GLPI
From: TECLIB
Registered: 2006-11-05
Posts: 74
Website

GLPI 9.5.13

This is a security release, upgrading is recommended

9.5.13-DOWNLOAD_GLPI-green.svg?logo=php&logoColor=white&style=for-the-badge?logo=php&logoColor=white&style=for-the-badge

Below, you'll find a short list of key points of this release:

  • [SECURITY - High] Account takeover by authenticated user (CVE-2023-28632).

  • [SECURITY - High] SQL injection through dynamic reports (CVE-2023-28838).

  • [SECURITY - Moderate] Stored XSS through dashboard administration (CVE-2023-28852).

  • [SECURITY - Moderate] Stored XSS on external links (CVE-2023-28636).

  • [SECURITY - Moderate] Reflected XSS in search pages (CVE-2023-28639).

  • [SECURITY - Moderate] Privilege Escalation from technician to super-admin (CVE-2023-28634).

  • [SECURITY - Low] Blind Server-Side Request Forgery (SSRF) in RSS feeds (CVE-2023-28633).

Besoin d'un support professionnel pour GLPI ? Pensez à GLPI Network ! https://glpi-project.org/fr/tarifs/

Connaissez-vous l'offre Cloud maintenue et supportée par l'équipe qui édite GLPI ?
Vous pouvez tester gratuitement pendant 45 jours ! https://glpi-network.cloud (ou plus si besoin)

Offline

Pages: 1

Board footer

Powered by FluxBB