======================================================================
CERT-Renater Note d'Information No. 2024/VULN529
_____________________________________________________________________
DATE                 : 16/12/2024
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running glpi versions prior to 10.0.17.
=====================================================================

https://github.com/glpi-project/glpi/security/advisories/GHSA-v977-g4r9-6r72
https://github.com/glpi-project/glpi/security/advisories/GHSA-3r4x-6pmx-phwr
https://github.com/glpi-project/glpi/security/advisories/GHSA-vjmw-j32j-ph4f
https://github.com/glpi-project/glpi/security/advisories/GHSA-x794-564w-vgxx

_____________________________________________________________________
Unauthenticated session hijacking (Leakymetry)
Severity: Critical
cedric-anne published GHSA-v977-g4r9-6r72 on Dec 11, 2024

Package           : glpi (glpi)
Affected versions : >= 9.5.0
Patched versions  : 10.0.17

Description

Impact
An unauthenticated user can retrieve all the session IDs and use them to steal any valid session.

Patches
Upgrade to 10.0.17.

For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.

Severity: Critical, 9.3 / 10

CVSS v4 base metrics
  Exploitability Metrics
    Attack Vector       : Network
    Attack Complexity   : Low
    Attack Requirements : None
    Privileges Required : None
    User Interaction    : None
  Vulnerable System Impact Metrics
    Confidentiality     : High
    Integrity           : High
    Availability        : Low
  Subsequent System Impact Metrics
    Confidentiality     : None
    Integrity           : None
    Availability        : None
  Vector : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

CVE ID     : CVE-2024-50339
Weaknesses : CWE-79
Credits    : @Guilhem7 (Reporter)

_____________________________________________________________________
Account takeover without privilege escalation through the API
Severity: High
cedric-anne published GHSA-3r4x-6pmx-phwr on Dec 11, 2024

Package           : glpi (glpi)
Affected versions : >= 9.3.0
Patched versions  : 10.0.17

Description

Impact
An authenticated user can use the API to take control of any user that has the same or a lower level of privileges.

Patches
Upgrade to 10.0.17.

For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.

Severity: High, 7.6 / 10

CVSS v4 base metrics
  Exploitability Metrics
    Attack Vector       : Network
    Attack Complexity   : Low
    Attack Requirements : Present
    Privileges Required : Low
    User Interaction    : None
  Vulnerable System Impact Metrics
    Confidentiality     : High
    Integrity           : High
    Availability        : None
  Subsequent System Impact Metrics
    Confidentiality     : None
    Integrity           : None
    Availability        : None
  Vector : CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CVE ID     : CVE-2024-47758
Weaknesses : CWE-284
Credits    : @qbiguenet (Reporter)

_____________________________________________________________________
Insecure account deletion by authenticated user
Severity: High
cedric-anne published GHSA-vjmw-j32j-ph4f on Dec 11, 2024

Package           : glpi (glpi)
Affected versions : >= 10.0.0
Patched versions  : 10.0.17

Description

Impact
An authenticated user can use an application endpoint to delete any user account.

Patches
Upgrade to 10.0.17.

For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.

Severity: High, 7.2 / 10

CVSS v4 base metrics
  Exploitability Metrics
    Attack Vector       : Network
    Attack Complexity   : Low
    Attack Requirements : None
    Privileges Required : Low
    User Interaction    : None
  Vulnerable System Impact Metrics
    Confidentiality     : None
    Integrity           : High
    Availability        : High
  Subsequent System Impact Metrics
    Confidentiality     : None
    Integrity           : None
    Availability        : None
  Vector : CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

CVE ID     : CVE-2024-48912
Weaknesses : CWE-284
Credits    : @guervild (Reporter)

_____________________________________________________________________
Account takeover via the password reset feature
Severity: High
cedric-anne published GHSA-x794-564w-vgxx on Dec 11, 2024

Package           : glpi (glpi)
Affected versions : >= 0.80
Patched versions  : 10.0.17

Description

Impact
An administrator with access to the sent notifications' contents can take control of an account with higher privileges.

Patches
Upgrade to 10.0.17.

For more information
If you have any questions or comments about this advisory, mail us at glpi-security@ow2.org.

Severity: High, 7.5 / 10

CVSS v4 base metrics
  Exploitability Metrics
    Attack Vector       : Network
    Attack Complexity   : Low
    Attack Requirements : Present
    Privileges Required : High
    User Interaction    : None
  Vulnerable System Impact Metrics
    Confidentiality     : High
    Integrity           : High
    Availability        : High
  Subsequent System Impact Metrics
    Confidentiality     : None
    Integrity           : None
    Availability        : None
  Vector : CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE ID     : CVE-2024-47761
Weaknesses : No CWEs
Credits    : @qbiguenet (Reporter)

=========================================================
+ CERT-RENATER        | tel   : 01-53-94-20-44           +
+ 23/25 Rue Daviel    | fax   : 01-53-94-20-41           +
+ 75013 Paris         | email : cert@support.renater.fr  +
=========================================================
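The four advisories above share one fixed version (10.0.17) but four different lower bounds, so an installed version can be exposed to some of them and not others. The following triage helper is an added example, written for this note; it is neither GLPI project code nor part of the CERT-Renater bulletin. It transcribes only the affected/patched ranges, CVE and GHSA identifiers and CVSS scores printed above, and reports which advisories apply to a given installed version. It assumes dotted numeric version strings such as "10.0.16"; any non-numeric suffix after a component (for example "-rc1") is ignored, which is a simplification.

```python
"""Triage helper for the four GLPI advisories listed in this note.

Added example (not GLPI project code and not part of the CERT-Renater
note): given an installed GLPI version string, report which of the
listed advisories apply, using only the affected/patched ranges and
CVSS scores printed in the bulletin.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    ghsa: str
    cve: str
    title: str
    severity: str
    score: float
    affected_from: str  # first affected version (inclusive), as printed in the advisory
    patched: str        # first fixed version


# Data transcribed from the advisories in this note.
ADVISORIES = (
    Advisory("GHSA-v977-g4r9-6r72", "CVE-2024-50339",
             "Unauthenticated session hijacking (Leakymetry)",
             "Critical", 9.3, "9.5.0", "10.0.17"),
    Advisory("GHSA-3r4x-6pmx-phwr", "CVE-2024-47758",
             "Account takeover without privilege escalation through the API",
             "High", 7.6, "9.3.0", "10.0.17"),
    Advisory("GHSA-vjmw-j32j-ph4f", "CVE-2024-48912",
             "Insecure account deletion by authenticated user",
             "High", 7.2, "10.0.0", "10.0.17"),
    Advisory("GHSA-x794-564w-vgxx", "CVE-2024-47761",
             "Account takeover via the password reset feature",
             "High", 7.5, "0.80", "10.0.17"),
)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn "10.0.16" into (10, 0, 16) so that tuples compare numerically.

    Lexicographic tuple comparison handles dotted versions of unequal
    length: (10, 0) < (10, 0, 17) and (0, 80) < (9, 3, 0).
    Assumption: a trailing non-numeric suffix on a component is dropped.
    """
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            raise ValueError(f"unparseable version component {piece!r} in {version!r}")
        parts.append(int(match.group()))
    return tuple(parts)


def is_affected(advisory: Advisory, version: str) -> bool:
    """True when affected_from <= version < patched."""
    v = parse_version(version)
    return parse_version(advisory.affected_from) <= v < parse_version(advisory.patched)


def applicable_advisories(version: str) -> list[Advisory]:
    """All advisories from this note that apply to the version, highest CVSS score first."""
    hits = [a for a in ADVISORIES if is_affected(a, version)]
    return sorted(hits, key=lambda a: a.score, reverse=True)


def triage_report(version: str) -> str:
    """Human-readable summary suitable for a ticket or change request."""
    hits = applicable_advisories(version)
    if not hits:
        return f"GLPI {version}: none of the advisories in this note apply."
    lines = [f"GLPI {version}: {len(hits)} applicable advisory(ies); upgrade to 10.0.17."]
    for a in hits:
        lines.append(f"  {a.cve} ({a.ghsa}) {a.severity} {a.score}/10: {a.title}")
    return "\n".join(lines)


if __name__ == "__main__":
    for v in ("10.0.16", "9.4.5", "10.0.17"):
        print(triage_report(v))
        print()
```

Running it for 9.4.5 shows why the lower bounds matter: that release predates 9.5.0 and 10.0.0, so only CVE-2024-47758 and CVE-2024-47761 apply, whereas 10.0.16 is exposed to all four and 10.0.17 to none.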