CVE-2019-13240

Published: Jul 10, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/glpi-project/glpi/releases/tag/9.4.1

x_refsource_MISC

https://github.com/glpi-project/glpi/compare/1783b78...8e621f6

x_refsource_MISC

https://github.com/glpi-project/glpi/commit/86a43ae47b3dd844947f40a2ffcf1a36e53dbba6

x_refsource_MISC

https://github.com/glpi-project/glpi/commit/5da9f99b2d81713b1e36016b47ce656a33648bc7

x_refsource_MISC

https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_unsafe_reset.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-13240

Description

Affected Products

References