CVE-2020-11035
Published
CVSS v3: 7.5 HIGH
CVSS v2: 6.4 MEDIUM
Affected: 1 project
Description
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand, uniqid and MD5, which do not provide secure values. This is fixed in version 9.4.6.
GLPI is a free asset and IT management software package that provides data center management, an ITIL service desk, license tracking and software auditing.
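The weakness class named in the description, shown next to a hardened form. This is an added example, not GLPI's source code or its actual fix: the function names, the session layout and the TTL and cap values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// WEAK (the pattern the description names; not GLPI's actual source):
// rand() is a seedable PRNG, uniqid() is based on the current time,
// and MD5 only mixes those guessable inputs without adding entropy.
function weak_csrf_token(): string
{
    return md5(uniqid((string) rand(), true));
}

// HARDENED: 256 bits from the operating system CSPRNG, stored with an expiry.
function issue_csrf_token(array &$session, int $ttl = 3600, int $max = 50): string
{
    $token = bin2hex(random_bytes(32));
    $session['csrf'][$token] = time() + $ttl;
    // Cap stored tokens so a client cannot grow the session without bound.
    if (count($session['csrf']) > $max) {
        $session['csrf'] = array_slice($session['csrf'], -$max, null, true);
    }
    return $token;
}

// Validation: constant-time comparison, expiry enforced, each token single use.
function check_csrf_token(array &$session, string $submitted): bool
{
    $valid = false;
    // foreach works on a copy, so removing entries from $session here is safe.
    foreach ($session['csrf'] ?? [] as $token => $expires) {
        if ($expires < time()) {
            unset($session['csrf'][$token]);           // purge expired token
        } elseif (hash_equals((string) $token, $submitted)) {
            unset($session['csrf'][$token]);           // consume on first match
            $valid = true;
        }
    }
    return $valid;
}

// Constructed demo: $session stands in for $_SESSION.
$session = [];
$token = issue_csrf_token($session);
var_dump(check_csrf_token($session, $token)); // first submission
var_dump(check_csrf_token($session, $token)); // replay of the same token
var_dump(check_csrf_token($session, weak_csrf_token())); // never-issued value
```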