Lucene search

MitreCVELIST:CVE-2021-30144

HistoryApr 06, 2021 - 4:40 a.m.

CVE-2021-30144

2021-04-0604:40:38

mitre

www.cve.org

dashboard plugin

glpi

access control

low-privileged users

cve-2021-30144

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used.

References

github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/dashboard-plugin

plugins.glpi-project.org/#/plugin/dashboard

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

Related for CVELIST:CVE-2021-30144