GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.
References
| Link | Resource |
|---|---|
| https://github.com/glpi-project/glpi/releases/tag/9.5.6 | Release Notes, Third Party Advisory |
| https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-09-15T16:55:10
Updated: 2021-09-15T16:55:10
Reserved: 2021-08-16T00:00:00
Link: CVE-2021-39211
NVD Information
Status: Analyzed
Published: 2021-09-15T17:15:10.267
Modified: 2022-08-05T11:00:24.913
Link: CVE-2021-39211
Redhat Information
No data.