CVE-2012-4002
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| glpi-project | glpi | {"endIncluding":"0.83.2"} | |
| glpi-project | glpi | 0.5 | |
| glpi-project | glpi | 0.6 | |
| glpi-project | glpi | 0.20 | |
| glpi-project | glpi | 0.21 | |
| glpi-project | glpi | 0.30 | |
| glpi-project | glpi | 0.31 | |
| glpi-project | glpi | 0.40 | |
| glpi-project | glpi | 0.41 | |
| glpi-project | glpi | 0.42 | |
| glpi-project | glpi | 0.51 | |
| glpi-project | glpi | 0.51a | |
| glpi-project | glpi | 0.65 | |
| glpi-project | glpi | 0.68 | |
| glpi-project | glpi | 0.68.1 | |
| glpi-project | glpi | 0.68.2 | |
| glpi-project | glpi | 0.68.3 | |
| glpi-project | glpi | 0.70 | |
| glpi-project | glpi | 0.70.1 | |
| glpi-project | glpi | 0.70.2 | |
| glpi-project | glpi | 0.71 | |
| glpi-project | glpi | 0.71.1 | |
| glpi-project | glpi | 0.71.2 | |
| glpi-project | glpi | 0.71.3 | |
| glpi-project | glpi | 0.71.4 | |
| glpi-project | glpi | 0.71.5 | |
| glpi-project | glpi | 0.71.6 | |
| glpi-project | glpi | 0.72 | |
| glpi-project | glpi | 0.72.1 | |
| glpi-project | glpi | 0.72.2 | |
| glpi-project | glpi | 0.72.3 | |
| glpi-project | glpi | 0.72.4 | |
| glpi-project | glpi | 0.78 | |
| glpi-project | glpi | 0.78.1 | |
| glpi-project | glpi | 0.78.2 | |
| glpi-project | glpi | 0.78.3 | |
| glpi-project | glpi | 0.78.4 | |
| glpi-project | glpi | 0.78.5 | |
| glpi-project | glpi | 0.80 | |
| glpi-project | glpi | 0.80.1 | |
| glpi-project | glpi | 0.80.2 | |
| glpi-project | glpi | 0.80.3 | |
| glpi-project | glpi | 0.80.4 | |
| glpi-project | glpi | 0.80.5 | |
| glpi-project | glpi | 0.80.6 | |
| glpi-project | glpi | 0.80.7 | |
| glpi-project | glpi | 0.80.61 | |
| glpi-project | glpi | 0.83 | |
| glpi-project | glpi | 0.83.1 | |
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:132
- http://www.openwall.com/lists/oss-security/2012/07/13/1
- https://forge.indepnet.net/issues/3704
- https://forge.indepnet.net/issues/3707
- https://forge.indepnet.net/projects/glpi/versions/771
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:132
- http://www.openwall.com/lists/oss-security/2012/07/13/1
- https://forge.indepnet.net/issues/3704
- https://forge.indepnet.net/issues/3707
- https://forge.indepnet.net/projects/glpi/versions/771
CWEs
CWE-352
Verify integrity in audit chain (admin only). AS-IS.