GLPI
cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*
- >= 9.5.0
A vulnerability exists in GLPI versions 9.5.0 through 10.0.18 that allows unauthorized authentication through an OAuth connection provided by the OAuthIMAP plugin. When a 'Mail servers' authentication provider is configured to use OAuth, anyone can log in to GLPI with a username for which an OAuth authorization has already been established.
Exploitation of this vulnerability allows unauthorized users to authenticate to GLPI, potentially leading to unauthorized access or actions within the application.
Users can upgrade to GLPI version 10.0.18, which addresses this vulnerability. Alternatively, any 'Mail servers' authentication provider using an OAuth connection from the OAuthIMAP plugin can be disabled.