oss-sec mailing list archives
GLPI: unprivileged users can access cost information
From: Raphael Geissert <geissert () debian org>
Date: Tue, 22 Jul 2014 14:45:04 +0200
Hi, A bug has been identified by Simone Imeri in GLPI where a user without access to cost information can in fact see the information when selecting cost as a search criteria[1]. This is fixed by commit [2] which appears to have been included for version 0.84.7 [3]. I believe this should get a CVE id. [1]https://forge.indepnet.net/issues/4984 [2]https://forge.indepnet.net/projects/glpi/repository/revisions/23061 [3]http://www.glpi-project.org/spip.php?page=annonce&id_breve=326&lang=en Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- GLPI: unprivileged users can access cost information Raphael Geissert (Jul 22)
- Re: GLPI: unprivileged users can access cost information cve-assign (Jul 22)