CVE-2023-41323: 
GLPI vulnerability analysis and mitigation

CVE-2023-41323 affects GLPI (Gestionnaire Libre de Parc Informatique), a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking, and software auditing. The vulnerability was disclosed on September 26, 2023, and affects all versions from 0.68 up to (but not including) version 10.0.10 (GitHub Advisory).

The vulnerability allows an unauthenticated user to enumerate user logins in the GLPI system. It has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, has unchanged scope, and only impacts confidentiality at a low level (GitHub Advisory).

The primary impact of this vulnerability is the potential exposure of user login information to unauthorized users. This could provide attackers with valuable reconnaissance information that could be used in further attacks against the system (GitHub Advisory).

Users are advised to upgrade to GLPI version 10.0.10 or later to address this vulnerability. There are no known workarounds for this security issue (GitHub Advisory).