CVE-2022-39276

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/glpi-project/glpi/security/advisories/GHSA-8vwg-7x42-7v6p	Third Party Advisory
https://huntr.dev/bounties/7a88f92b-1ee2-4ca8-9cf8-05fcf6cfe73f/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

History

03 Nov 2022, 17:57

Type	Values Removed	Values Added
First Time		Glpi-project Glpi-project glpi
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CWE		CWE-918
CPE		cpe:2.3:a:glpi-project:glpi::::::::
References	~~(MISC) https://huntr.dev/bounties/7a88f92b-1ee2-4ca8-9cf8-05fcf6cfe73f/ -~~	(MISC) https://huntr.dev/bounties/7a88f92b-1ee2-4ca8-9cf8-05fcf6cfe73f/ - Exploit, Third Party Advisory
References	~~(CONFIRM) https://github.com/glpi-project/glpi/security/advisories/GHSA-8vwg-7x42-7v6p -~~	(CONFIRM) https://github.com/glpi-project/glpi/security/advisories/GHSA-8vwg-7x42-7v6p - Third Party Advisory

03 Nov 2022, 14:34

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-03 14:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-39276

Mitre link : CVE-2022-39276

CVE.ORG link : CVE-2022-39276

JSON object : View

Products Affected

glpi-project

glpi

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2022-39276", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2022-11-03T14:15:23.200", "references": [{"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-8vwg-7x42-7v6p", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://huntr.dev/bounties/7a88f92b-1ee2-4ca8-9cf8-05fcf6cfe73f/", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds."}, {"lang": "es", "value": "GLPI significa Gestionnaire Libre de Parc Informatique. GLPI es un paquete gratuito de software de gesti\u00f3n de TI y activos que proporciona funciones de ITIL Service Desk, seguimiento de licencias y auditor\u00eda de software. El uso de fuentes RSS o un calendario externo en la planificaci\u00f3n est\u00e1 sujeto a explotaci\u00f3n de la SSRF. En caso de que un script remoto devuelva una respuesta de redireccionamiento, la URL de destino de la redirecci\u00f3n no se compara con la lista de URL permitidas definida por el administrador. Este problema ha sido solucionado; actualice a 10.0.4. Actualmente no se conocen workarounds."}], "lastModified": "2022-11-03T17:57:00.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E3788F7-1D17-4A55-AD12-A1899162909C", "versionEndExcluding": "10.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}