Date: Tue, 22 Jul 2014 14:45:04 +0200 From: Raphael Geissert <geissert@...ian.org> To: Open Source Security <oss-security@...ts.openwall.com> Subject: GLPI: unprivileged users can access cost information Hi, A bug has been identified by Simone Imeri in GLPI where a user without access to cost information can in fact see the information when selecting cost as a search criteria. This is fixed by commit  which appears to have been included for version 0.84.7 . I believe this should get a CVE id. https://forge.indepnet.net/issues/4984 https://forge.indepnet.net/projects/glpi/repository/revisions/23061 http://www.glpi-project.org/spip.php?page=annonce&id_breve=326&lang=en Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ