CVE-2024-53850 HIGH

CVE-2024-53850: The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation

Vendor Pluginsglpi
Product addressing
Weakness CWE-470
Published December 26, 2024
Last update December 27, 2024

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

What the vulnerability does

01Description

The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI.

Key dates

02Disclosure timeline

December 26, 2024 CVE published
December 27, 2024 Record updated