CVE-2021-21255
PUBLISHED
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. In GLPI version 9.5.3, a logged-in user could switch entities through an IDOR (insecure direct object reference). This is fixed in version 9.5.4.
Risk Scores
EPSS Score: 0.23% (45.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | glpi | 0, 0.84.8+dfsg.1-1, * |
Timeline
- Mar 2, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-21255 third-party-advisory
- https://github.com/glpi-project/glpi/security/advisories/GHSA-v3m5-r3mx-ff9j third-party-advisory
- https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-21255 third-party-advisory