GLPI 10.0.17
11 November 2024
GLPI version 10.0.17 is now available (security release).
Upgrading to GLPI 10.0.17
GLPI 10.0.17 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply GLPI updates as new versions are released, or use Installatron's Clone feature to duplicate an existing GLPI install to test the 10.0.17 upgrade prior to applying it live.
What's New in GLPI 10.0.17
Security
- Unauthenticated session hijacking (CVE-2024-50339)
- Account takeover through SQL injection (CVE-2024-40638)
- Users email enumeration by unauthenticated user (CVE-2024-43416)
- Account takeover without privilege escalation through the API (CVE-2024-47758)
- Account takeover via the password reset feature (CVE-2024-47761)
- Account takeover via API (CVE-2024-47760)
- Insecure account deletion by authenticated user (CVE-2024-48912)
- Authenticated SQL Injection (CVE-2024-45608)
- Authenticated SQL injection in ticket form (CVE-2024-41679)
- Stored XSS in RSS feeds (CVE-2024-45611)
- Stored XSS via document upload (CVE-2024-47759)
- Multiple reflected XSS (CVE-2024-43417, CVE-2024-43418, CVE-2024-45609, CVE-2024-45610, CVE-2024-41678)