Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation
Package
glpi
(glpi)
Affected versions
>= 9.5.0
Patched versions
10.0.13
Description
Credits
-
iarce-qb Reporter
iarce-qb
Reporter
Impact
An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation.
Patches
Upgrade to 10.0.13.
For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org