Glpi Security Vulnerabilities and Issues — Glpi CVE List

Lucene search

Glpi-projectGlpi

4 matches found

CVE•added 2021/09/15 5:15 p.m.•51 views

CVE-2021-39211

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual functio...

5.3CVSS5.5AI score0.54404EPSS

CVE•added 2021/09/15 5:15 p.m.•49 views

CVE-2021-39213

GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.

8.8CVSS7.6AI score0.00351EPSS

CVE•added 2021/09/15 5:15 p.m.•42 views

CVE-2021-39210

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue ...

6.5CVSS6.3AI score0.00329EPSS

CVE•added 2021/09/15 4:15 p.m.•37 views

CVE-2021-39209

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. Ther...

8.8CVSS8.7AI score0.00137EPSS