Vulnerabilities > CVE-2020-15217 - Unspecified vulnerability in Glpi-Project Glpi 9.5.0/9.5.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2
- https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2
- https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv
- https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv