Skip to content
Nuclei Templates

GLPI 9.2/<9.5.6 - Information Disclosure

ID: CVE-2021-39211

Severity: medium

Author: dogasantos,noraj

Tags: cve,cve2021,glpi,exposure,glpi-project

Description

Section titled “Description”

GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

YAML Source

Section titled “YAML Source”
id: CVE-2021-39211


info:
  name: GLPI 9.2/<9.5.6 - Information Disclosure
  author: dogasantos,noraj
  severity: medium
  description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Information disclosure vulnerability in GLPI versions 9.2 to <9.5.6 allows an attacker to access sensitive information.
  remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.
  reference:
    - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
    - https://github.com/glpi-project/glpi/releases/tag/9.5.6
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39211
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/StarCrossPortal/scalpel
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-39211
    cwe-id: CWE-200,NVD-CWE-noinfo
    epss-score: 0.00126
    epss-percentile: 0.47223
    cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: glpi-project
    product: glpi
    shodan-query:
      - http.title:"glpi"
      - http.favicon.hash:"-1474875778"
    fofa-query:
      - icon_hash="-1474875778"
      - title="glpi"
    google-query: intitle:"glpi"
  tags: cve,cve2021,glpi,exposure,glpi-project


http:
  - method: GET
    path:
      - "{{BaseURL}}/ajax/telemetry.php"
      - "{{BaseURL}}/glpi/ajax/telemetry.php"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"uuid":'
          - '"glpi":'
        condition: and


      - type: status
        status:
          - 200
# digest: 490a0046304402202e91196412fbcf00d56f9eed57dcca37ae56ffef80b4f2905c55add186ea548d02201eb4c3af2ce9c8e79ae2c3b45972fde41d226b98657417b011a1cf2e022499bb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-39211.yaml"

View on Github