GLPI Security Update Advisory (CVE-2024-50339)

Dec 20 2024

Overview

An update has been released to address vulnerabilities in GLPI. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-50339

GLPI versions: 9.5.0 (inclusive) ~ 10.0.17 (excluded)

Resolved Vulnerabilities

Vulnerability that allows an unauthenticated user to steal a valid session by retrieving all session IDs (CVE-2024-50339)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-50339

GLPI version: 10.0.17

Referenced Sites

[1] CVE-2024-50339 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-50339

[2] Unauthenticated session hijacking (Leakymetry)

https://github.com/glpi-project/glpi/security/advisories/GHSA-v977-g4r9-6r72

[3] 10.0.17

https://github.com/glpi-project/glpi/releases/tag/10.0.17

GLPI Security Update Advisory (CVE-2024-50339)

Databricks JDBC Driver Update Advisory (CVE-2024-49194)

Google Chrome Browser (131.0.6778.204/.205) Security Update Advisory

Tags:

Databricks JDBC Driver Update Advisory (CVE-2024-49194)

Google Chrome Browser (131.0.6778.204/.205) Security Update Advisory