CVE-2024-43416

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 18, 2024
Updated: Nov 19, 2024
CWE ID 200

Summary

CVE-2024-43416 is a vulnerability affecting GLPI, a free asset and IT management software. Prior to version 10.0.17, an unauthenticated user could exploit an application endpoint to determine if a given email address is associated with a valid GLPI user account. This vulnerability poses a risk for unauthorized account access and potential data breaches. Users are advised to upgrade to version 10.0.17 or later to address this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share