Glpi Security Vulnerabilities and Issues — Glpi CVE List

Lucene search

Glpi-projectGlpi

14 matches found

CVE•added 2021/03/08 5:15 p.m.•88 views

CVE-2021-21325

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 a new budget type can be defined by user. This input is not correctly filtered. This results in a cross-site scripting atta...

6.2CVSS5.2AI score0.00347EPSS

CVE•added 2021/03/08 5:15 p.m.•87 views

CVE-2021-21327

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to ca...

7.5CVSS6.8AI score0.003EPSS

CVE•added 2021/05/26 10:15 p.m.•60 views

CVE-2021-3486

GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code.

6.1CVSS6AI score0.00705EPSS

CVE•added 2021/09/15 5:15 p.m.•51 views

CVE-2021-39211

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual functio...

5.3CVSS5.5AI score0.54404EPSS

CVE•added 2021/03/03 8:15 p.m.•49 views

CVE-2021-21313

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not prope...

6.1CVSS5.7AI score0.00388EPSS

CVE•added 2021/09/15 5:15 p.m.•49 views

CVE-2021-39213

GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.

8.8CVSS7.6AI score0.00351EPSS

CVE•added 2021/03/03 8:15 p.m.•47 views

CVE-2021-21314

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.

5.4CVSS5.2AI score0.00321EPSS

CVE•added 2021/03/08 5:15 p.m.•47 views

CVE-2021-21324

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the abili...

6.8CVSS6.6AI score0.00312EPSS

CVE•added 2021/03/02 8:15 p.m.•45 views

CVE-2021-21255

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4.

5.8CVSS5.7AI score0.00279EPSS

CVE•added 2021/03/03 8:15 p.m.•42 views

CVE-2021-21312

GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/docume...

5.4CVSS5.4AI score0.00321EPSS

CVE•added 2021/09/15 5:15 p.m.•42 views

CVE-2021-39210

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue ...

6.5CVSS6.3AI score0.00329EPSS

CVE•added 2021/03/02 8:15 p.m.•41 views

CVE-2021-21258

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed i...

6.8CVSS5.8AI score0.00281EPSS

CVE•added 2021/03/08 5:15 p.m.•39 views

CVE-2021-21326

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fi...

7.7CVSS6.5AI score0.00211EPSS

CVE•added 2021/09/15 4:15 p.m.•37 views

CVE-2021-39209

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. Ther...

8.8CVSS8.7AI score0.00137EPSS