GLPI is an open source IT asset management, issue tracking and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from an authenticated Remote Code Execution vulnerability that allows access to the server's underlying operating system through command injection by abuse of functionality. There is no workaround for this issue; users are advised to upgrade or to disable the addressing plugin.
References
Link | Resource |
---|---|
https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_plugin | Exploit Third Party Advisory |
https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366 | Patch Third Party Advisory |
https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh | Exploit Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-01-05T18:45:11
Updated: 2022-06-16T18:00:25
Reserved: 2021-11-16T00:00:00
Link: CVE-2021-43779
NVD Information
Status: Analyzed
Published: 2022-01-05T19:15:08.627
Modified: 2022-08-09T00:52:26.057
Link: CVE-2021-43779