CVSS3: 9.9 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.004 Low
  Percentile: 73.7%

GLPI is an open source IT asset management, issue tracking and service
desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from
an authenticated remote code execution vulnerability that allows access to
the server’s underlying operating system through command injection (abuse
of functionality). There is no workaround for this issue; users are advised
to upgrade or to disable the addressing plugin.

github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366
github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh
launchpad.net/bugs/cve/CVE-2021-43779
nvd.nist.gov/vuln/detail/CVE-2021-43779
security-tracker.debian.org/tracker/CVE-2021-43779
www.cve.org/CVERecord?id=CVE-2021-43779