CVE-2024-11955 MEDIUM

CVE-2024-11955: GLPI index.php redirect

Vendor N/A
Product GLPI
Weakness CWE-601 · Open redirect
Published February 25, 2025
Last update February 25, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument redirect leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.0.18 is able to address this issue. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

February 25, 2025 CVE published
February 25, 2025 Record updated