CVE-2025-23046

by Fred · 25/02/2025

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.18, if a “Mail servers” authentication provider is configured to use an Oauth connection provided by the OauthIMAP plugin, anyone can connect to GLPI using a user name on which an Oauth authorization has already been established. Version 10.0.18 contains a patch. As a workaround, one may disable any “Mail servers” authentication provider configured to use an Oauth connection provided by the OauthIMAP plugin.

Assigner : security-advisories@github.com

More information : https://github.com/glpi-project/glpi/releases/tag/10.0.18

CVE-2025-23046

Similar

Recent Posts

Categories

CVE-2025-23046

Share this:

Similar

Recent Posts

Categories

Tags