Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:1 p.m.5 views

CVE-2022-36112

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests ca...

5.8CVSS6.8AI score0.00459EPSS
Exploits0References1
Huntr
Huntr
added 2022/10/02 6:56 p.m.26 views

SSRF in feeds

Description By looking at this URL : https://github.com/glpi-project/glpi/security/advisories/GHSA-rqgx-gqhp-x8vv, I understand that a SSRF was possible in the URL of the RSS feed, and in fact, this has been fix. Howerver, I found a bypass to CVE-2022-36112. Proof of Concept To trigger the bug,...

0.00459EPSS
Exploits0
ALT Linux
ALT Linux
added 2022/09/23 12:0 a.m.36 views

Security fix for the ALT Linux 9 package glpi version 9.5.9-alt1

9.5.9-alt1 built Sept. 23, 2022 Pavel Zilke in task 307140 Sept. 14, 2022 Pavel Zilke - New version 9.5.9 - This release fixes several critical security issues that has been recently discovered. Update is strongly recommended! - Security fixes: + CVE-2022-35945 : XSS through registration API +...

8.6AI score0.99628EPSS
Exploits13
ALT Linux
ALT Linux
added 2022/09/16 12:0 a.m.117 views

Security fix for the ALT Linux 10 package glpi version 9.5.9-alt1

9.5.9-alt1 built Sept. 16, 2022 Pavel Zilke in task 306811 Sept. 14, 2022 Pavel Zilke - New version 9.5.9 - This release fixes several critical security issues that has been recently discovered. Update is strongly recommended! - Security fixes: + CVE-2022-35945 : XSS through registration API +...

8.6AI score0.99628EPSS
Exploits13
OSV
OSV
added 2022/09/14 5:45 p.m.27 views

CVE-2022-36112 Blind Server-Side Request Forgery (SSRF) in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests ca...

3.5CVSS6.1AI score0.00459EPSS
Exploits0References4
CVE
CVE
added 2022/09/14 5:45 p.m.76 views

CVE-2022-36112

GLPI (Gestionnaire Libre de Parc Informatique) contains a blind Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-36112) affecting RSS feeds and planning features. The underlying issue allows server-side requests to be made from the GLPI server to internal ports/services on its private n...

5.8CVSS5AI score0.00459EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder