Dashboard Plugin up to 1.0.2 on GLPI main2.php access control


A vulnerability was found in Dashboard Plugin up to 1.0.2 on GLPI (Forum Software) and classified as critical. This issue affects an unknown code block of the file plugins/dashboard/front/main2.php. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

[Charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 11122667 | 04/10/2021 | VulD... | cve_cna | MITRE | nvd.nist.gov | 04/10/2021 | accepted | 70 |
| 11122666 | 04/10/2021 | VulD... | cve_nvd_summary | The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. | cve.mitre.org | 04/10/2021 | accepted | 70 |
| 11122665 | 04/10/2021 | VulD... | cve_assigned | 1617660000 | cve.mitre.org | 04/10/2021 | accepted | 70 |
| 11110567 | 04/06/2021 | VulD... | price_0day | $0-$5k | see documentation | 04/06/2021 | accepted | 90 |
| 11110566 | 04/06/2021 | VulD... | cvss3_meta_tempscore | 4.1 | see documentation | 04/06/2021 | accepted | 90 |
| 11110565 | 04/06/2021 | VulD... | cvss3_meta_basescore | 4.3 | see documentation | 04/06/2021 | accepted | 90 |
| 11110564 | 04/06/2021 | VulD... | cvss3_vuldb_tempscore | 4.1 | | 04/06/2021 | accepted | 90 |
| 11110563 | 04/06/2021 | VulD... | cvss3_vuldb_basescore | 4.3 | | 04/06/2021 | accepted | 90 |
| 11110562 | 04/06/2021 | VulD... | cvss2_vuldb_tempscore | 3.6 | | 04/06/2021 | accepted | 90 |
| 11110561 | 04/06/2021 | VulD... | cvss2_vuldb_basescore | 4.0 | | 04/06/2021 | accepted | 90 |
| 11110560 | 04/06/2021 | VulD... | cvss3_vuldb_rc | X | derived from historical data | 04/06/2021 | accepted | 80 |
| 11110559 | 04/06/2021 | VulD... | cvss3_vuldb_rl | X | derived from historical data | 04/06/2021 | accepted | 80 |
| 11110558 | 04/06/2021 | VulD... | cvss2_vuldb_rc | ND | derived from historical data | 04/06/2021 | accepted | 80 |
| 11110557 | 04/06/2021 | VulD... | cvss2_vuldb_rl | ND | derived from historical data | 04/06/2021 | accepted | 80 |
| 11110556 | 04/06/2021 | VulD... | cvss2_vuldb_au | S | derived from historical data | 04/06/2021 | accepted | 80 |
| 11110555 | 04/06/2021 | VulD... | cvss2_vuldb_e | POC | derived from vuldb v3 vector | 04/06/2021 | accepted | 80 |
| 11110554 | 04/06/2021 | VulD... | cvss2_vuldb_ai | N | derived from vuldb v3 vector | 04/06/2021 | accepted | 80 |
| 11110553 | 04/06/2021 | VulD... | cvss2_vuldb_ii | N | derived from vuldb v3 vector | 04/06/2021 | accepted | 80 |
| 11110552 | 04/06/2021 | VulD... | cvss2_vuldb_ci | P | derived from vuldb v3 vector | 04/06/2021 | accepted | 80 |
| 11110551 | 04/06/2021 | VulD... | cvss2_vuldb_ac | L | derived from vuldb v3 vector | 04/06/2021 | accepted | 80 |
