CVE-2021-39211

Опубликовано: 15 сент. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Средний

Описание

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual functions of GLPI.

Ссылки

https://github.com/glpi-project/glpi/releases/tag/9.5.6
Release Notes
Third Party Advisory
https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
Third Party Advisory
https://github.com/glpi-project/glpi/releases/tag/9.5.6
Release Notes
Third Party Advisory
https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

Версия от 9.2 (включая) до 9.5.6 (исключая)

EPSS

Процентиль: 98%

0.54404

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-39211

CVSS3: 5.3

ubuntu

больше 4 лет назад

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.

CVE-2021-39211

CVSS3: 5.3

debian

больше 4 лет назад

GLPI is a free Asset and IT management software package. Starting in v ...

EPSS

Процентиль: 98%

0.54404

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo