admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/39xxx/CVE-2021-39211.json

88 lines
3.0 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2021-08-16 21:01:42 +00:00
{
"CVE_data_meta": {
Add CVE-2021-39211 for GHSA-xx66-v3g5-w825 Add CVE-2021-39211 for GHSA-xx66-v3g5-w825
2021-09-15 16:51:42 +00:00
"ASSIGNER": "security-advisories@github.com",
"-Synchronized-Data."
2021-08-16 21:01:42 +00:00
"ID": "CVE-2021-39211",
Add CVE-2021-39211 for GHSA-xx66-v3g5-w825 Add CVE-2021-39211 for GHSA-xx66-v3g5-w825
2021-09-15 16:51:42 +00:00
"STATE": "PUBLIC",
"TITLE": "Disclosure of GLPI and server information in telemetry endpoint"
"-Synchronized-Data."
2021-08-16 21:01:42 +00:00
},
Add CVE-2021-39211 for GHSA-xx66-v3g5-w825 Add CVE-2021-39211 for GHSA-xx66-v3g5-w825
2021-09-15 16:51:42 +00:00
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glpi",
"version": {
"version_data": [
{
"version_value": ">= 9.2, < 9.5.6"
}
]
}
}
]
},
"vendor_name": "glpi-project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"-Synchronized-Data."
2021-08-16 21:01:42 +00:00
"description": {
"description_data": [
{
"lang": "eng",
Add CVE-2021-39211 for GHSA-xx66-v3g5-w825 Add CVE-2021-39211 for GHSA-xx66-v3g5-w825
2021-09-15 16:51:42 +00:00
"value": "GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
"-Synchronized-Data."
2021-08-16 21:01:42 +00:00
}
]
Add CVE-2021-39211 for GHSA-xx66-v3g5-w825 Add CVE-2021-39211 for GHSA-xx66-v3g5-w825
2021-09-15 16:51:42 +00:00
},
"references": {
"reference_data": [
{
"name": "https://github.com/glpi-project/glpi/releases/tag/9.5.6",
"refsource": "MISC",
"url": "https://github.com/glpi-project/glpi/releases/tag/9.5.6"
"-Synchronized-Data."
2021-09-15 17:01:01 +00:00
},
{
"name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825",
"refsource": "CONFIRM",
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825"
Add CVE-2021-39211 for GHSA-xx66-v3g5-w825 Add CVE-2021-39211 for GHSA-xx66-v3g5-w825
2021-09-15 16:51:42 +00:00
}
]
},
"source": {
"advisory": "GHSA-xx66-v3g5-w825",
"discovery": "UNKNOWN"
"-Synchronized-Data."
2021-08-16 21:01:42 +00:00
}
}
Reference in New Issue Copy Permalink