GLPI has overly permissive URL verification

CVE Details

Basic Information

Title GLPI has overly permissive URL verification
Type cve
Published 2025-07-30T14:07:14.643Z
Modified 2025-07-30T14:07:14.643Z

Product Information

Vendor glpi-project
Product glpi
Version >= 0.84, < 10.0.19

CVSS Information

Base Score 3.5 (LOW)
Vector String CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products

  • glpi-project glpi >= 0.84, < 10.0.19

Additional Information

CWE List CWE-918
Source GitHub_M

Description

GLPI is a free asset and IT management software package that provides data center management, ITIL service desk, license tracking and software auditing. In versions 0.84 through 10.0.18, the use of RSS feeds or external calendars in planning is subject to an SSRF exploit. The previous security patches provided since GLPI 10.0.4 were not robust enough for certain specific cases. This is fixed in version 10.0.19.
