Enhancement: cves/2021/CVE-2021-39211.yaml by md

cves/2021/CVE-2021-39211.yaml

@@ -1,14 +1,15 @@
 id: CVE-2021-39211
 
 info:
-  name: GLPI Telemetry Disclosure
+  name: GLPI 9.2/<9.5.6 - Information Disclosure
   author: dogasantos,noraj
   severity: medium
-  description: GLPI => 9.2 and < 9.5.6, the telemetry endpoint discloses GLPI and server information.
+  description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-39211
     - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
     - https://github.com/glpi-project/glpi/releases/tag/9.5.6
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-39211
+  remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
     cvss-score: 5.3
@@ -33,3 +34,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2023/02/01