Lucene search

FreeBSD7F163C81-3B12-11EB-AF2A-080027DBE4B7

HistoryJun 25, 2020 - 12:00 a.m.

glpi -- SQL injection for all usages of "Clone" feature

2020-06-2500:00:00

vuxml.freebsd.org

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

41.5%

JSON

MITRE Corporation reports:

In glpi before 9.5.1, there is a SQL injection for all usages of “Clone” feature. This has been fixed in 9.5.1.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchglpi= 9.5.0,1UNKNOWN
FreeBSDanynoarchglpi< 9.5.1,1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	glpi	= 9.5.0,1	UNKNOWN
FreeBSD	any	noarch	glpi	< 9.5.1,1	UNKNOWN

References

github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba

github.com/glpi-project/glpi/pull/6684

github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for 7F163C81-3B12-11EB-AF2A-080027DBE4B7