id: CVE-2021-39211

info:
  name: GLPI 9.2/<9.5.6 - Information Disclosure
  author: dogasantos,noraj
  severity: medium
  description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  reference:
    - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
    - https://github.com/glpi-project/glpi/releases/tag/9.5.6
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39211
  remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-39211
    cwe-id: CWE-668,CWE-200
  tags: cve,cve2021,glpi,exposure

requests:
  - method: GET
    path:
      - "{{BaseURL}}/ajax/telemetry.php"
      - "{{BaseURL}}/glpi/ajax/telemetry.php"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"uuid":'
          - '"glpi":'
        condition: and

      - type: status
        status:
          - 200

# Enhanced by md on 2023/02/01