id: CVE-2021-39211

info:
  name: GLPI 9.2/<9.5.6 - Information Disclosure
  author: dogasantos,noraj
  severity: medium
  description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.
  reference:
    - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
    - https://github.com/glpi-project/glpi/releases/tag/9.5.6
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39211
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-39211
    cwe-id: CWE-200,NVD-CWE-noinfo
    epss-score: 0.00166
    epss-percentile: 0.53256
    cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: glpi-project
    product: glpi
  tags: cve,cve2021,glpi,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/ajax/telemetry.php"
      - "{{BaseURL}}/glpi/ajax/telemetry.php"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"uuid":'
          - '"glpi":'
        condition: and

      - type: status
        status:
          - 200

# digest: 4a0a0047304502206534559cf185a8bdee83fdf6d89558b9859e14d02a47043257a2d581c451b09002210096fecaa2743796a49eabe456aaa1bee0fe5f1328cf639716a3118d9ad00ec74f:922c64590222798bb761d5b6d8e72950