CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39210 – Autologin cookie accessible by scripts
https://notcve.org/view.php?id=CVE-2021-39210
15 Sep 2021 — GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature. • https://github.com/glpi-project/glpi/releases/tag/9.5.6 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39209 – Bypassable CSRF protection
https://notcve.org/view.php?id=CVE-2021-39209
15 Sep 2021 — GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. There are no workarounds aside from upgrading. • https://github.com/glpi-project/glpi/releases/tag/9.5.6 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21324 – Insecure Direct Object Reference (IDOR) on "Solutions"
https://notcve.org/view.php?id=CVE-2021-21324
08 Mar 2021 — GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the ability to enumerate GLPI items names (including users logins) using the knowbase search form (requires authentication). To Reproduce: Perform a valid authentication at your GLPI instance, Browse the ticket list and se... • https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21325 – Stored XSS in budget type
https://notcve.org/view.php?id=CVE-2021-21325
08 Mar 2021 — GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by user. This input is not correctly filtered. This results in a cross-site scripting attack. To exploit this endpoint attacker need to be authenticated. • https://github.com/glpi-project/glpi/releases/tag/9.5.4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21326 – Horizontal Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-21326
08 Mar 2021 — GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4. GLPI es un paquete de software de gestión de activos y TI de código abierto que proporciona funcionalidades de ITIL Service Desk, seguimiento de licencias y auditoría de software. En GLP... • https://github.com/glpi-project/glpi/releases/tag/9.5.4 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2021-21327 – Unsafe Reflection in getItemForItemtype()
https://notcve.org/view.php?id=CVE-2021-21327
08 Mar 2021 — GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to carry out malicious attacks, or to start a “POP chain”. As an example of direct impact, this vulnerability affects integrity of the GLPI core platform and third-party plugins runtime misusing classes which implement... • https://packetstorm.news/files/id/161680 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21314 – XSS injection on ticket update
https://notcve.org/view.php?id=CVE-2021-21314
03 Mar 2021 — GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket. GLPI es un software de código abierto que significa Gestionnaire Libre de Parc Informatique y es un paquete gratuito de Software de Gestión de Activos y TI. En GLPI anterior a la versión 9.5.4, existe una vulnerabilidad de tipo XSS que involucra a un... • https://github.com/glpi-project/glpi/releases/tag/9.5.4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21312 – Stored XSS on documents
https://notcve.org/view.php?id=CVE-2021-21312
03 Mar 2021 — GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form field: "Web Link" is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following... • https://github.com/glpi-project/glpi/releases/tag/9.5.4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21313 – XSS on tabs
https://notcve.org/view.php?id=CVE-2021-21313
03 Mar 2021 — GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not properly sanitized. Here are two payloads (due to two different exploitations depending on which parameter you act) to exploit the vulnerability:/ajax/common.tabs.php?_target=javascript:alert(document.cookie)&_itemtype... • https://github.com/glpi-project/glpi/releases/tag/9.5.4 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27663
https://notcve.org/view.php?id=CVE-2020-27663
26 Nov 2020 — In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). En GLPI versiones anteriores a 9.5.3, el archivo ajax/getDropdownValue.php presenta una vulnerabilidad de Referencia Directa a Objetos No Segura (IDOR) que permite a un atacante leer datos de cualquier itemType (por ejemplo, Ticket, Users, etc.) • https://github.com/glpi-project/glpi/security/advisories/GHSA-pqfv-4pvr-55r4 • CWE-639: Authorization Bypass Through User-Controlled Key •