CVE-2021-43779

Опубликовано: 05 янв. 2022

Источник: nvd

CVSS3: 9.9

CVSS2: 9

EPSS Низкий

Описание

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.

Ссылки

https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin
Exploit
Third Party Advisory
https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366
Patch
Third Party Advisory
https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh
Exploit
Third Party Advisory
https://github.com/hansmach1ne/CVE-portfolio/tree/main/CVE-2021-43779
https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin
Exploit
Third Party Advisory
https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366
Patch
Third Party Advisory
https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:teclib-edition:addressing:*:*:*:*:*:glpi:*:*

Версия до 2.9.1 (исключая)

EPSS

Процентиль: 87%

0.03413

Низкий

9.9 Critical

CVSS3

9.9 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-20

CWE-78

Связанные уязвимости

CVE-2021-43779

CVSS3: 9.9

ubuntu

около 4 лет назад

CVE-2021-43779

CVSS3: 9.9

debian

около 4 лет назад

GLPI is an open source IT Asset Management, issue tracking system and ...

EPSS

Процентиль: 87%

0.03413

Низкий

9.9 Critical

CVSS3

9.9 Critical

CVSS3

9 Critical

CVSS2

Дефекты

CWE-20

CWE-78