CVE-2022-36112

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests can be used to scan server port or services opened on GLPI server or its private network. Queries responses are not exposed to end-user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds.

CVSS v3 5.8 MEDIUM

5.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/glpi-project/glpi/commit/ad66d69049ae02bead8ed0f4ee654a458643244e	Patch Third Party Advisory
https://github.com/glpi-project/glpi/security/advisories/GHSA-rqgx-gqhp-x8vv	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

History

19 Sep 2022, 16:13

Type	Values Removed	Values Added
CPE		cpe:2.3:a:glpi-project:glpi::::::::
References	~~(MISC) https://github.com/glpi-project/glpi/commit/ad66d69049ae02bead8ed0f4ee654a458643244e -~~	(MISC) https://github.com/glpi-project/glpi/commit/ad66d69049ae02bead8ed0f4ee654a458643244e - Patch, Third Party Advisory
References	~~(CONFIRM) https://github.com/glpi-project/glpi/security/advisories/GHSA-rqgx-gqhp-x8vv -~~	(CONFIRM) https://github.com/glpi-project/glpi/security/advisories/GHSA-rqgx-gqhp-x8vv - Third Party Advisory
First Time		Glpi-project glpi Glpi-project
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.8

14 Sep 2022, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-14 18:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-36112

Mitre link : CVE-2022-36112

CVE.ORG link : CVE-2022-36112

JSON object : View

Products Affected

glpi-project

glpi

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2022-36112", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2022-09-14T18:15:10.697", "references": [{"url": "https://github.com/glpi-project/glpi/commit/ad66d69049ae02bead8ed0f4ee654a458643244e", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-rqgx-gqhp-x8vv", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests can be used to scan server port or services opened on GLPI server or its private network. Queries responses are not exposed to end-user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds."}, {"lang": "es", "value": "GLPI son las siglas de Gestionnaire Libre de Parc Informatique y es un Paquete de Software Libre de Administraci\u00f3n de Activos y TI, que proporciona funciones de Service Desk de ITIL, seguimiento de licencias y auditor\u00eda de software. El uso de los canales RSS o del calendario externo en la planificaci\u00f3n est\u00e1 sujeto a una explotaci\u00f3n de tipo SSRF. Las peticiones del lado del servidor pueden usarse para escanear el puerto del servidor o los servicios abiertos en el servidor GLPI o su red privada. Las respuestas a las consultas no est\u00e1n expuestas al usuario final (SSRF ciego). Es recomendado a usuarios actualizar a versi\u00f3n 10.0.3 para resolver este problema. No se presentan mitigaciones conocidas"}], "lastModified": "2022-09-19T16:13:17.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1118A51-CFED-4D17-8344-EA94C8F77EAD", "versionEndExcluding": "10.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}