| Title | Published | Views | Family |
|---|---|---|---|
| glpi -- bypass of the open redirect protection | 30 Mar 2020 00:00 | – | freebsd |
| Teclib GLPI Input Validation Error Vulnerability | 6 May 2020 00:00 | – | cnvd |
| CVE-2020-11034 | 5 May 2020 21:20 | – | cve |
| CVE-2020-11034 bypass of manageRedirect in GLPI | 5 May 2020 21:20 | – | cvelist |
| [SECURITY] Fedora 32 Update: glpi-9.4.6-1.fc32 | 14 May 2020 02:37 | – | fedora |
| [SECURITY] Fedora 31 Update: glpi-9.4.6-1.fc31 | 14 May 2020 02:29 | – | fedora |
| Fedora 31 : glpi (2020-885e2343ed) | 14 May 2020 00:00 | – | nessus |
| FreeBSD : glpi -- bypass of the open redirect protection (3a63f478-3b10-11eb-af2a-080027dbe4b7) | 14 Dec 2020 00:00 | – | nessus |
| Linux Distros Unpatched Vulnerability : CVE-2020-11034 | 3 Sep 2025 00:00 | – | nessus |
| Updated glpi packages fix security vulnerabilities | 24 May 2020 18:04 | – | mageia |

```yaml
id: CVE-2020-11034

info:
  name: GLPI <9.4.6 - Open Redirect
  author: pikpikcu
  severity: medium
  description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
  remediation: Upgrade to version 9.4.6 or later.
  reference:
    - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
    - https://github.com/glpi-project/glpi/archive/9.4.6.zip
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11034
    - https://lists.fedoraproject.org/archives/list/[email protected]/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/
    - https://lists.fedoraproject.org/archives/list/[email protected]/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2020-11034
    cwe-id: CWE-601,CWE-185
    epss-score: 0.07608
    epss-percentile: 0.93817
    cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: glpi-project
    product: glpi
    shodan-query:
      - http.title:"glpi"
      - http.favicon.hash:"-1474875778"
    fofa-query:
      - icon_hash="-1474875778"
      - title="glpi"
    google-query: intitle:"glpi"
  tags: cve,cve2020,redirect,glpi,glpi-project,vuln

http:
  - method: GET
    # Two variants of the redirect parameter that point at an external host
    path:
      - '{{BaseURL}}/index.php?redirect=/\/interact.sh/'
      - '{{BaseURL}}/index.php?redirect=//interact.sh'

    matchers:
      # Flag the target when the Location response header points at interact.sh
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$'
# digest: 490a00463044022056ef25b9ab4246f12ff121157d880d9595603f4bf45a333a2f4fde2000cb69a70220119276038b6183c77547784c0cbb505c2828826384a7bf7a30d28397da7e649f:922c64590222798bb761d5b6d8e72950
```