Primary

Context

GLPI Inventory Plugin Improper Access Control Vulnerability

Vulnerability

Patched

A vulnerability allowing improper access control has been identified in the GLPI Inventory Plugin, affecting versions prior to 1.5.0. This vulnerability could potentially be exploited to manipulate access controls within the plugin's functionality.

Impact

Exploitation of this vulnerability could lead to unauthorized access or manipulation of resources within the GLPI Inventory Plugin, allowing users to bypass intended access controls.

Reproduction

To reproduce this vulnerability, install a version of the GLPI Inventory Plugin prior to 1.5.0. Then, upload a file through the plugin's deployment package feature. The uploaded file will be accessible via the GLPI Inventory Upload directory, which can be exploited to bypass access controls.

Remediation

Users are advised to upgrade to GLPI Inventory Plugin version 1.5.0 or later, where this vulnerability has been patched.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

5.4

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

5.0

exploitability

5.4

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GLPI Inventory Plugin Improper Access Control Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

GLPI Inventory Plugin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating