PT-2021-14421 · Glpi+1 · Glpi+1
Indevi0Us · Published 2021-03-08 · Updated 2024-05-22
CVE-2021-21324
CVSS v3.1: 6.8 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GLPI versions prior to 9.5.4
Description
The issue is an Insecure Direct Object Reference (IDOR) on "Solutions" in GLPI. It allows an unauthorized user to enumerate GLPI item names, including users' logins, using the knowbase search form, which requires authentication. Exploitation involves modifying the item_itemtype parameter in the URL of the /glpi/front/knowbaseitem.php endpoint to point to different tables, such as changing Ticket to Users, and guessing incremental IDs.
Recommendations
For versions prior to 9.5.4, update to version 9.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the knowbase search form and the /glpi/front/knowbaseitem.php endpoint to minimize the risk of exploitation. Avoid using the item_itemtype and item_items_id parameters in the affected endpoint until the issue is resolved.
Exploit
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Glpi
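
Detection sketch for the enumeration pattern in the Description (added example, not part of the advisory or of GLPI): it scans web access logs for one client requesting many distinct item_items_id values on /front/knowbaseitem.php. The combined log format, the threshold, the helper names and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/front/knowbaseitem.php"
# Assumption: more than this many distinct item_items_id values for one
# client and itemtype in the analysed window is treated as enumeration.
MAX_DISTINCT_IDS = 5

# Common/combined log format: client address first, request line in quotes.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

def find_enumeration(lines, max_ids=MAX_DISTINCT_IDS):
    """Return {(client, itemtype): sorted ids} for clients exceeding max_ids."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        query = parse_qs(url.query)
        itemtype = query.get("item_itemtype", [""])[0]
        item_id = query.get("item_items_id", [""])[0]
        if itemtype and item_id.isdecimal():
            seen[(client, itemtype.lower())].add(int(item_id))
    return {k: sorted(v) for k, v in seen.items() if len(v) > max_ids}

def make_line(client, itemtype, item_id):
    """Build one constructed access-log line for the sample below."""
    return (f'{client} - - [08/Mar/2021:10:00:00 +0000] '
            f'"GET /glpi/front/knowbaseitem.php?item_itemtype={itemtype}'
            f'&item_items_id={item_id} HTTP/1.1" 200 5120')

# Constructed sample log lines (not from a real system).
SAMPLE = (
    [make_line("198.51.100.7", "Users", i) for i in range(1, 9)]
    + [make_line("192.0.2.10", "Ticket", 18), make_line("192.0.2.10", "Ticket", 19)]
    + ['192.0.2.10 - - [08/Mar/2021:10:00:05 +0000] "GET /glpi/front/ticket.php HTTP/1.1" 200 900']
)

if __name__ == "__main__":
    for (client, itemtype), ids in find_enumeration(SAMPLE).items():
        print(f"{client} itemtype={itemtype} distinct_ids={len(ids)} range={ids[0]}-{ids[-1]}")
```

Tune the threshold to normal helpdesk usage before alerting on it; a technician working through several tickets will also touch several IDs.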