You are not logged in.
- Topics: Active | Unanswered
Announcement
Download last stable version of GLPI - What can you do for GLPI ? : Contribute
Pages: 1
#1 2024-11-06 12:18:19
- francois-teclib
- Expert GLPI
- From: TECLIB
- Registered: 2006-11-05
- Posts: 76
- Website
GLPI 10.0.17
This release fixes several security issues that has been recently discovered. Update is strongly recommended!
You will find below the list of security issues fixed in this bugfixes version:
[SECURITY - critical] Unauthenticated session hijacking (CVE-2024-50339)
[SECURITY - high] Account takeover through SQL injection (CVE-2024-40638)
[SECURITY - high] Users email enumeration by unauthenticated user (CVE-2024-43416)
[SECURITY - high] Account takeover without privilege escalation through the API (CVE-2024-47758)
[SECURITY - high] Account takeover via the password reset feature (CVE-2024-47761)
[SECURITY - high] Account takeover via API (CVE-2024-47760)
[SECURITY - high] Insecure account deletion by authenticated user (CVE-2024-48912)
[SECURITY - moderate] Authenticated SQL Injection (CVE-2024-45608)
[SECURITY - moderate] Authenticated SQL injection in ticket form (CVE-2024-41679)
[SECURITY - moderate] Stored XSS in RSS feeds (CVE-2024-45611)
[SECURITY - moderate] Stored XSS via document upload (CVE-2024-47759)
[SECURITY - moderate] Multiple reflected XSS (CVE-2024-43417, CVE-2024-43418, CVE-2024-45609, CVE-2024-45610, CVE-2024-41678)
Many bug fixes have also been made, read the full technical changelog for details.
We would like to thank all people who contributed to this new version and all those who contribute regularly to the GLPI project!
Besoin d'un support professionnel pour GLPI ? Pensez à GLPI Network ! https://glpi-project.org/fr/tarifs/
Connaissez-vous l'offre Cloud maintenue et supportée par l'équipe qui édite GLPI ?
Vous pouvez tester gratuitement pendant 45 jours ! https://glpi-network.cloud (ou plus si besoin)
Offline
Pages: 1