48 lines
1.8 KiB
YAML
48 lines
1.8 KiB
YAML
id: CVE-2021-39211
|
|
|
|
info:
|
|
name: GLPI 9.2/<9.5.6 - Information Disclosure
|
|
author: dogasantos,noraj
|
|
severity: medium
|
|
description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
|
impact: |
|
|
Information disclosure vulnerability in GLPI versions 9.2 to <9.5.6 allows an attacker to access sensitive information.
|
|
remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.
|
|
reference:
|
|
- https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
|
|
- https://github.com/glpi-project/glpi/releases/tag/9.5.6
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-39211
|
|
- https://github.com/ARPSyndicate/kenzer-templates
|
|
- https://github.com/StarCrossPortal/scalpel
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
|
cvss-score: 5.3
|
|
cve-id: CVE-2021-39211
|
|
cwe-id: CWE-200,NVD-CWE-noinfo
|
|
epss-score: 0.00161
|
|
epss-percentile: 0.51768
|
|
cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 2
|
|
vendor: glpi-project
|
|
product: glpi
|
|
tags: cve,cve2021,glpi,exposure,glpi-project
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/ajax/telemetry.php"
|
|
- "{{BaseURL}}/glpi/ajax/telemetry.php"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- '"uuid":'
|
|
- '"glpi":'
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100fe062755f4b07576ae5328bf856241f5ea8ffcd7471aee2f20d0e81118a750f7022100963f6ecde4366021315b1d07dede1e4330917c47e2ac4b7068b9c2496b1cc675:922c64590222798bb761d5b6d8e72950 |