2014-10-03
ALT-BU-2014-3025-1
Branch t7 update bulletin.
Closed vulnerabilities
Published: 2015-04-14
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-5032
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
- http://advisories.mageia.org/MGASA-2015-0017.html
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=325
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:167
- https://forge.indepnet.net/issues/4984
- http://advisories.mageia.org/MGASA-2015-0017.html
- http://www.glpi-project.org/spip.php?page=annonce&id_breve=325
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:167
- https://forge.indepnet.net/issues/4984