nuclei-templates/http/cves/2021/CVE-2021-39211.yaml

id: CVE-2021-39211

info:
  name: GLPI 9.2/<9.5.6 - Information Disclosure
  author: dogasantos,noraj
  severity: medium
  description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Information disclosure vulnerability in GLPI versions 9.2 to <9.5.6 allows an attacker to access sensitive information.
  remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.
  reference:
    - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
    - https://github.com/glpi-project/glpi/releases/tag/9.5.6
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39211
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/StarCrossPortal/scalpel
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-39211
    cwe-id: CWE-200,NVD-CWE-noinfo
    epss-score: 0.00126
    epss-percentile: 0.47223
    cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: glpi-project
    product: glpi
    shodan-query: http.title:"glpi"
    fofa-query: icon_hash="-1474875778"
    google-query: intitle:"glpi"
  tags: cve,cve2021,glpi,exposure,glpi-project

http:
  - method: GET
    path:
      - "{{BaseURL}}/ajax/telemetry.php"
      - "{{BaseURL}}/glpi/ajax/telemetry.php"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"uuid":'
          - '"glpi":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100fe062755f4b07576ae5328bf856241f5ea8ffcd7471aee2f20d0e81118a750f7022100963f6ecde4366021315b1d07dede1e4330917c47e2ac4b7068b9c2496b1cc675:922c64590222798bb761d5b6d8e72950
GLPI Telemetry Disclosure: add CVE info (#4555) * GLPI Telemetry Disclosure: add CVE info * template file update * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-06-08 08:10:34 +00:00			`id: CVE-2021-39211`

			`info:`
Enhancement: cves/2021/CVE-2021-39211.yaml by md 2023-02-01 17:58:20 +00:00			`name: GLPI 9.2/<9.5.6 - Information Disclosure`
GLPI Telemetry Disclosure: add CVE info (#4555) * GLPI Telemetry Disclosure: add CVE info * template file update * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-06-08 08:10:34 +00:00			`author: dogasantos,noraj`
			`severity: medium`
Enhancement: cves/2021/CVE-2021-39211.yaml by md 2023-02-01 17:58:20 +00:00			`description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Information disclosure vulnerability in GLPI versions 9.2 to <9.5.6 allows an attacker to access sensitive information.`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.`
GLPI Telemetry Disclosure: add CVE info (#4555) * GLPI Telemetry Disclosure: add CVE info * template file update * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-06-08 08:10:34 +00:00			`reference:`
			`- https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825`
Auto Generated CVE annotations [Wed Jun 8 12:17:33 UTC 2022] :robot: 2022-06-08 12:17:33 +00:00			`- https://github.com/glpi-project/glpi/releases/tag/9.5.6`
Enhancement: cves/2021/CVE-2021-39211.yaml by md 2023-02-01 17:58:20 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2021-39211`
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot: 2024-01-29 17:11:14 +00:00			`- https://github.com/ARPSyndicate/kenzer-templates`
			`- https://github.com/StarCrossPortal/scalpel`
GLPI Telemetry Disclosure: add CVE info (#4555) * GLPI Telemetry Disclosure: add CVE info * template file update * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-06-08 08:10:34 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`
			`cvss-score: 5.3`
			`cve-id: CVE-2021-39211`
TemplateMan Update [Tue Oct 17 06:11:14 UTC 2023] :robot: 2023-10-17 06:11:14 +00:00			`cwe-id: CWE-200,NVD-CWE-noinfo`
product/queries updated 2024-05-31 19:23:20 +00:00			`epss-score: 0.00126`
			`epss-percentile: 0.47223`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`cpe: cpe:2.3:a:glpi-project:glpi::::::::`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 2`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: glpi-project`
			`product: glpi`
product/queries updated 2024-05-31 19:23:20 +00:00			`shodan-query: http.title:"glpi"`
			`fofa-query: icon_hash="-1474875778"`
			`google-query: intitle:"glpi"`
tags enhancements 2023-12-05 09:50:33 +00:00			`tags: cve,cve2021,glpi,exposure,glpi-project`
GLPI Telemetry Disclosure: add CVE info (#4555) * GLPI Telemetry Disclosure: add CVE info * template file update * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-06-08 08:10:34 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
GLPI Telemetry Disclosure: add CVE info (#4555) * GLPI Telemetry Disclosure: add CVE info * template file update * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-06-08 08:10:34 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/ajax/telemetry.php"`
			`- "{{BaseURL}}/glpi/ajax/telemetry.php"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- '"uuid":'`
			`- '"glpi":'`
			`condition: and`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Mon Mar 25 11:57:16 UTC 2024] :robot: 2024-03-25 11:57:16 +00:00			`# digest: 4b0a00483046022100fe062755f4b07576ae5328bf856241f5ea8ffcd7471aee2f20d0e81118a750f7022100963f6ecde4366021315b1d07dede1e4330917c47e2ac4b7068b9c2496b1cc675:922c64590222798bb761d5b6d8e72950`