CVE-2024-43416
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 18, 2024
Updated: Nov 19, 2024
CWE ID 200
Summary
CVE-2024-43416 is a vulnerability affecting GLPI, a free asset and IT management software. Prior to version 10.0.17, an unauthenticated user could exploit an application endpoint to determine if a given email address is associated with a valid GLPI user account. This vulnerability poses a risk for unauthorized account access and potential data breaches. Users are advised to upgrade to version 10.0.17 or later to address this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- GLPI Project
Affected Vendors
- Teclib