FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

glpi -- leakage issue with knowledge base

Affected packages
9.5.0 < glpi
glpi < 9.5.2

Details

VuXML ID 5acd95db-3b16-11eb-af2a-080027dbe4b7
Discovery 2020-06-25
Entry 2020-06-25

MITRE Corporation reports:

In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.

References

CVE Name CVE-2020-15217
URL https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2
URL https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv