id: CVE-2021-39211 info: name: GLPI 9.2/<9.5.6 - Information Disclosure author: dogasantos,noraj severity: medium description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions. reference: - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825 - https://github.com/glpi-project/glpi/releases/tag/9.5.6 - https://nvd.nist.gov/vuln/detail/CVE-2021-39211 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-39211 cwe-id: CWE-200,NVD-CWE-noinfo epss-score: 0.00232 epss-percentile: 0.61151 cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: glpi-project product: glpi tags: cve,cve2021,glpi,exposure http: - method: GET path: - "{{BaseURL}}/ajax/telemetry.php" - "{{BaseURL}}/glpi/ajax/telemetry.php" matchers-condition: and matchers: - type: word words: - '"uuid":' - '"glpi":' condition: and - type: status status: - 200 # digest: 4a0a00473045022100d06a086da21d0d2aaf2d01ed1951050970ef1e765013129c6264789d7a5e72f0022003fda1a69362c234711652688f670811ec8d88b81d5cae5dd5a1fdf8b3440085:922c64590222798bb761d5b6d8e72950