CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39211 – Disclosure of GLPI and server information in telemetry endpoint
https://notcve.org/view.php?id=CVE-2021-39211
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI. GLPI es un paquete de software gratuito de administración de activos y TI. • https://github.com/glpi-project/glpi/releases/tag/9.5.6 https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39210 – Autologin cookie accessible by scripts
https://notcve.org/view.php?id=CVE-2021-39210
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature. • https://github.com/glpi-project/glpi/releases/tag/9.5.6 https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2 https://huntr.dev/bounties/b2e99a41-b904-419f-a274-ae383e4925f2 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39209 – Bypassable CSRF protection
https://notcve.org/view.php?id=CVE-2021-39209
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading. • https://github.com/glpi-project/glpi/releases/tag/9.5.6 https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3486
https://notcve.org/view.php?id=CVE-2021-3486
GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code. GLPi versión 9.5.4, no sanea los metadatos. De esta manera es posible insertar un ataque de tipo XSS en los plugins para ejecutar código JavaScript • https://bugzilla.redhat.com/show_bug.cgi?id=1947653 https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS https://n3k00n3.github.io/blog/09042021/glpi_xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30144
https://notcve.org/view.php?id=CVE-2021-30144
The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. El plugin Dashboard versiones hasta 1.0.2 para GLPI, permite a usuarios remotos poco privilegiados omitir un control de acceso en visualizar información sobre los últimos diez eventos, los usuarios conectados y los usuarios en la categoría de tecnología. Por ejemplo, puede ser usado un archivo plugins/dashboard/front/main2.php • https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/dashboard-plugin https://plugins.glpi-project.org/#/plugin/dashboard • CWE-425: Direct Request ('Forced Browsing') •