CVE-2023-35939: 
GLPI vulnerability analysis and mitigation

GLPI (a free asset and IT management software package) versions from 9.5.0 to versions prior to 10.0.8 contain a security vulnerability identified as CVE-2023-35939. The vulnerability was discovered and disclosed on July 5, 2023, affecting the dashboard data access functionality. This high-severity issue involves an incorrect rights check on a file that is accessible by authenticated users (GitHub Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. The vulnerability stems from improper access control (CWE-284) where an incorrect rights check is performed on a file accessible by authenticated users. This security flaw allows unauthorized interaction with, modification of, or visibility into dashboard data (GitHub Advisory).

The vulnerability allows authenticated users to interact with, modify, or view dashboard data beyond their authorized access levels. This results in potential unauthorized access to sensitive information and the ability to modify dashboard data, compromising both the confidentiality and integrity of the system (GitHub Advisory).

The vulnerability has been patched in GLPI version 10.0.8. Users are strongly recommended to upgrade to this version to address the security issue. The fix was released as part of a security update that addressed multiple vulnerabilities (GitHub Release).