The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used.
References
Link | Resource |
---|---|
https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/dashboard-plugin | Third Party Advisory |
https://plugins.glpi-project.org/#/plugin/dashboard | Vendor Advisory |
Configurations
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-425 |
Information
Published : 2021-04-06 05:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-30144
Mitre link : CVE-2021-30144
CVE.ORG link : CVE-2021-30144
JSON object : View
Products Affected
glpi-project
- dashboard
CWE
CWE-425
Direct Request ('Forced Browsing')