Security Advisory

CVE-2021-39209

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-15 15:50:10
Last updated 2024-08-04 01:58:18
Assigner GitHub_M
State PUBLISHED

Description

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.