SB20231213116 - Multiple vulnerabilities in GLPI

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2023-46726)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper access control in the LDAP server configuration form when referencing a previously uploaded GLPI document on PHP 7.4. A remote privileged user can use the form to execute arbitrary code previously uploaded as a GLPI document to execute arbitrary code.

Only PHP 7.4 installations are vulnerable.

2) SQL injection (CVE-ID: CVE-2023-46727)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to sql injection in the inventory endpoint when handling inventory agent requests. A remote attacker can send a specially crafted request to disclose sensitive information.

3) SQL injection (CVE-ID: CVE-2023-43813)

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to sql injection in the saved search feature when processing saved search input. A remote user can submit a specially crafted saved search to disclose sensitive information.

Remediation

Install update from vendor's website.

References

• https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95
• https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr
• https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362