CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39213 – IP restriction on GLPI API Bypass with custom header injection
https://notcve.org/view.php?id=CVE-2021-39213
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround. GLPI es un paquete de software gratuito de administración de activos y TI. • https://github.com/glpi-project/glpi/releases/tag/9.5.6 https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39211 – Disclosure of GLPI and server information in telemetry endpoint
https://notcve.org/view.php?id=CVE-2021-39211
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI. GLPI es un paquete de software gratuito de administración de activos y TI. • https://github.com/glpi-project/glpi/releases/tag/9.5.6 https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39210 – Autologin cookie accessible by scripts
https://notcve.org/view.php?id=CVE-2021-39210
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature. • https://github.com/glpi-project/glpi/releases/tag/9.5.6 https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2 https://huntr.dev/bounties/b2e99a41-b904-419f-a274-ae383e4925f2 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39209 – Bypassable CSRF protection
https://notcve.org/view.php?id=CVE-2021-39209
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading. • https://github.com/glpi-project/glpi/releases/tag/9.5.6 https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3486
https://notcve.org/view.php?id=CVE-2021-3486
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code. GLPi versión 9.5.4, no sanea los metadatos. De esta manera es posible insertar un ataque de tipo XSS en los plugins para ejecutar código JavaScript • https://bugzilla.redhat.com/show_bug.cgi?id=1947653 https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS https://n3k00n3.github.io/blog/09042021/glpi_xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •