CVE-2021-39209 – GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a use …

Vuln ID: CVE-2021-39209

Published:  2021-09-15  16:15:07Z

Description: GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading.

Source: NVD.NIST.GOV