SB2023092729 - Multiple vulnerabilities in GLPI
Published: September 27, 2023
Updated: September 6, 2024
Description
This security bulletin contains information about 10 security vulnerabilities.
1) SQL injection (CVE-ID: CVE-2023-41320)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in UI layout preferences. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
2) Improper access control (CVE-ID: CVE-2023-41326)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the Kanban feature. A remote user can alter any field of another user and end up taking over that user's account.
3) Improper access control (CVE-ID: CVE-2023-41324)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and steal accounts of other users.
4) External Control of File Name or Path (CVE-ID: CVE-2023-42462)
The vulnerability allows a remote attacker to delete arbitrary files.
The vulnerability exists because the application allows an attacker to control the path of the files to be deleted within the document upload process. A remote user can send a specially crafted HTTP request and delete arbitrary files on the system.
5) Information disclosure (CVE-ID: CVE-2023-41321)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote administrator can gain unauthorized access to sensitive information on the system.
6) Improper access control (CVE-ID: CVE-2023-41322)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote administrator can bypass implemented security restrictions and gain elevated privileges.
7) Improper access control (CVE-ID: CVE-2023-41323)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can enumerate user logins.
8) Information disclosure (CVE-ID: CVE-2023-41888)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
9) SQL injection (CVE-ID: CVE-2023-42461)
The vulnerability allows a remote user to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in ITIL actors. A remote administrator can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
10) Code Injection (CVE-ID: CVE-2023-42802)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.
References
- https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476
- https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9
- https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3
- https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75
- https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836
- https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr
- https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9
- https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp
- https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w
- https://github.com/glpi-project/glpi/releases/tag/10.0.10