Synced 18 Jun 2026 05:58 UTC Account
← All products

CVE-2019-10233

HIGH severity · CVSS 8.1 · CWE-203
8.1CVSS HIGH

Summary

Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.

Impact & exploitability

Attack vectorNetwork
Attack complexityHigh
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)1%

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

GLPI

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://github.com/glpi-project/glpi/pull/5562 ↗

Additional information