oss-sec mailing list archives

GLPI: unprivileged users can access cost information

From: Raphael Geissert <geissert () debian org>
Date: Tue, 22 Jul 2014 14:45:04 +0200

Hi,

A bug has been identified by Simone Imeri in GLPI where a user without
access to cost information can in fact see the information when
selecting cost as a search criteria[1]. This is fixed by commit [2]
which appears to have been included for version  0.84.7 [3].

I believe this should get a CVE id.

[1]https://forge.indepnet.net/issues/4984
[2]https://forge.indepnet.net/projects/glpi/repository/revisions/23061
[3]http://www.glpi-project.org/spip.php?page=annonce&id_breve=326&lang=en

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Current thread:

GLPI: unprivileged users can access cost information Raphael Geissert (Jul 22)
- Re: GLPI: unprivileged users can access cost information cve-assign (Jul 22)