oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: GLPI: unprivileged users can access cost information

From: cve-assign () mitre org
Date: Tue, 22 Jul 2014 18:31:19 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


a user without access to cost information can in fact see the
information when selecting cost as a search criteria. This is fixed by
commit which appears to have been included for version 0.84.7.

https://forge.indepnet.net/issues/4984
https://forge.indepnet.net/projects/glpi/repository/revisions/23061
http://www.glpi-project.org/spip.php?page=annonce&id_breve=326&lang=en


Use CVE-2014-5032.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTzuWXAAoJEKllVAevmvmsTUYIALGINZBT+2sBe1llbZwdzM/E
0h5AeMQeP1jJ7TDPBeeLyU4r0ZYcBbuk+o6sLwKSiJGn27rgRSaH7a+mlMN7S+Ax
wausrHZsPwLl0xN8m9LvDJZvOExkC1mEFwm644BQ2AKrC4LikP5bisP0BKPeI0re
YFwBduU52Q0nt97VCR32/euaTQ6/dmfVoPo/M20U8U33qfSgZ5eAOx2ZDCk3GnlY
xVy4vNLVJ+3o0Bx8jWIyhav43alwbd4GjqpOSiRSSI9I7O10R3pmdtAxrlbGpJbY
bnHLyaXpUMe75/4etszIoW+ZWvuxVVYcMcuXlUU0tRDrSYaJiL6FIxiaEcD/sfc=
=KVBH
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: