PT-2021-22461 · Glpi+1 · Glpi+1

Am0O0

Published

2021-09-15

Updated

2024-05-22

CVE-2021-39209

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GLPI versions prior to 9.5.6

Description The issue allows a malicious actor to bypass Cross-Site Request Forgery (CSRF) protection in many places, enabling them to perform various actions on GLPI. This can be exploited by a user who is logged in to GLPI.

Recommendations For versions prior to 9.5.6, upgrade to version 9.5.6 to resolve the issue. At the moment, there is no information about other workarounds aside from upgrading.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

ALT-PU-2021-3030

ALT-PU-2021-3038

ALT-PU-2021-3059

ALT-PU-2024-8094

CVE-2021-39209

GHSA-5QPF-32W7-C56P

Affected Products

Alt Linux

Glpi

PT-2021-22461 · Glpi+1 · Glpi+1

CVE-2021-39209

Weakness Enumeration

Related Identifiers

Affected Products

References · 8