In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6. Reference: https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf
Created glpi tracking bugs for this issue: Affects: epel-7 [bug 1834500] Affects: fedora-all [bug 1834498]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.