GLPI Exposure of Sensitive Information Vulnerability in status.php Endpoint

Vulnerability

A vulnerability allowing the exposure of sensitive information has been identified in GLPI, starting in version 0.71 and prior to version 10.0.18. An anonymous user can access this information through the status.php endpoint. The vulnerability arises from inadequate access controls, which allow unauthorized users to retrieve sensitive data.

Impact

Exploitation of this vulnerability allows for the unauthorized retrieval of sensitive information from the status.php endpoint.

Remediation

Users are advised to upgrade to GLPI version 10.0.18, which addresses this vulnerability. Alternatively, the status.php file can be deleted, access to it can be restricted, or sensitive values can be removed from the name field of active LDAP directories, mail server authentication providers, and mail receivers.
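To confirm that deleting or restricting status.php has taken effect, the following added example (not part of the original advisory or of GLPI) sends one anonymous request per instance and classifies the response. It assumes status.php sits directly under each GLPI base URL; the function names and verdict labels are illustrative.

```python
import sys
import urllib.error
import urllib.request

# Assumption: status.php is served directly under the GLPI base URL.
ENDPOINT = "status.php"


def classify(status_code):
    """Map the HTTP status of an anonymous request to a remediation verdict."""
    if 200 <= status_code < 300:
        return "exposed"        # anonymous request was served
    if status_code in (401, 403, 404, 410):
        return "restricted"     # access blocked or file removed
    return "inconclusive"       # redirect, 5xx, etc.: review by hand


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx answers as-is instead of following them to another page."""

    def redirect_request(self, *args, **kwargs):
        return None


def check_instance(base_url, timeout=5.0):
    """Request status.php with no cookies or credentials and report the result."""
    url = base_url.rstrip("/") + "/" + ENDPOINT
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url), timeout=timeout) as resp:
            code = resp.status
    except urllib.error.HTTPError as err:
        code = err.code         # 3xx/4xx/5xx arrive as HTTPError
    except (urllib.error.URLError, OSError):
        return {"url": url, "status": None, "verdict": "unreachable"}
    return {"url": url, "status": code, "verdict": classify(code)}


if __name__ == "__main__":
    # Usage: python check_status.py https://glpi.example.internal [...]
    results = [check_instance(arg) for arg in sys.argv[1:]]
    for r in results:
        print(f'{r["verdict"]:13} {r["status"]} {r["url"]}')
    # Non-zero exit if any instance still answers anonymously.
    sys.exit(1 if any(r["verdict"] == "exposed" for r in results) else 0)
```

An instance mitigated only by removing sensitive values from the name fields still answers the request and is reported as exposed; that mitigation has to be verified in the GLPI configuration itself.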

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 0.6
exploitability: 8.1
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.