{"id":441392,"date":"2026-06-29T09:00:00","date_gmt":"2026-06-29T07:00:00","guid":{"rendered":"https:\/\/www.glpi-project.org\/?p=441392"},"modified":"2026-06-26T11:16:32","modified_gmt":"2026-06-26T09:16:32","slug":"security-advisory-glpi-plugins-update","status":"publish","type":"post","link":"https:\/\/www.glpi-project.org\/fr\/security-advisory-glpi-plugins-update\/","title":{"rendered":"Avis de s\u00e9curit\u00e9 : mise \u00e0 jour requise pour plusieurs plugins communautaires GLPI"},"content":{"rendered":"<p>Nous informons la communaut\u00e9 GLPI de la d\u00e9couverte de plusieurs vuln\u00e9rabilit\u00e9s de s\u00e9curit\u00e9 affectant un certain nombre de plugins communautaires. Des correctifs sont disponibles et doivent \u00eatre d\u00e9ploy\u00e9s rapidement sur toutes les instances concern\u00e9es.<\/p>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Plugins affect\u00e9s et vuln\u00e9rabilit\u00e9s<\/h3>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"800\" src=\"https:\/\/www.glpi-project.org\/wp-content\/uploads\/2026\/06\/table-security-glpi-1024x800.png\" alt=\"\" class=\"wp-image-441393\" srcset=\"https:\/\/www.glpi-project.org\/wp-content\/uploads\/2026\/06\/table-security-glpi-1024x800.png 1024w, https:\/\/www.glpi-project.org\/wp-content\/uploads\/2026\/06\/table-security-glpi-300x234.png 300w, https:\/\/www.glpi-project.org\/wp-content\/uploads\/2026\/06\/table-security-glpi-768x600.png 768w, https:\/\/www.glpi-project.org\/wp-content\/uploads\/2026\/06\/table-security-glpi-15x12.png 15w, https:\/\/www.glpi-project.org\/wp-content\/uploads\/2026\/06\/table-security-glpi-1320x1031.png 1320w, https:\/\/www.glpi-project.org\/wp-content\/uploads\/2026\/06\/table-security-glpi.png 1360w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"translation-block\">Les vuln\u00e9rabilit\u00e9s identifi\u00e9es couvrent plusieurs niveaux de criticit\u00e9, notamment une faille critique d'ex\u00e9cution de code \u00e0 distance (RCE) dans <strong>GenericObject<\/strong> (CVSS 8,9), des injections SQL et des failles XSS sur plusieurs plugins, ainsi que des dysfonctionnements de contr\u00f4le d'acc\u00e8s dans <strong>Escalade, Credit<\/strong> et <strong>Glpinventory.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Recommendations<\/h3>\n\n\n\n<p>Nous vous encourageons vivement \u00e0 planifier et d\u00e9ployer les mises \u00e0 jour de ces plugins dans les meilleurs d\u00e9lais sur l'ensemble de vos instances GLPI, afin de maintenir un niveau de s\u00e9curit\u00e9 optimal et de r\u00e9duire le risque d'exploitation des vuln\u00e9rabilit\u00e9s identifi\u00e9es.<\/p>\n\n\n\n<p class=\"translation-block\">La priorit\u00e9 devra \u00eatre accord\u00e9e \u00e0 <strong>GenericObject<\/strong> (CVSS 8,9 \u2013 Critique), dont la faille expose les instances \u00e0 une ex\u00e9cution de code \u00e0 distance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Plateformes GLPI Network Cloud<\/h3>\n\n\n\n<p class=\"translation-block\">L'ensemble des correctifs relatifs aux plugins list\u00e9s ci-dessus ont d\u00e9j\u00e0 \u00e9t\u00e9 d\u00e9ploy\u00e9s sur les plateformes <strong>GLPI Network Cloud Public<\/strong> et <strong>GLPI Network Cloud Private<\/strong>. Aucune action n'est requise pour les instances h\u00e9berg\u00e9es dans nos environnements manag\u00e9s.<\/p>\n\n\n\n<p>Pour toute assistance technique ou information compl\u00e9mentaire, n'h\u00e9sitez pas \u00e0 <a href=\"https:\/\/www.glpi-project.org\/fr\/contact\/\">nous contacter<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>We are notifying the GLPI community of several security vulnerabilities identified in a number of community plugins. Updates are available and should be deployed promptly on all affected instances. Affected Plugins and Vulnerabilities The vulnerabilities identified cover a range of severity levels, including a critical Remote Code Execution (RCE) flaw in GenericObject (CVSS 8.9), multiple [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":441394,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[153],"tags":[],"class_list":["post-441392","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-produits"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/441392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/comments?post=441392"}],"version-history":[{"count":8,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/441392\/revisions"}],"predecessor-version":[{"id":441405,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/posts\/441392\/revisions\/441405"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/media\/441394"}],"wp:attachment":[{"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/media?parent=441392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/categories?post=441392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.glpi-project.org\/fr\/wp-json\/wp\/v2\/tags?post=441392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}