Vulnerability CVE-2020-15177: Information
Description
In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
glpi | sisyphus | 9.5.2-alt2 | 10.0.15-alt1 | ALT-PU-2020-3130-1 | 260499 | Fixed |
glpi | p10 | 9.5.2-alt2 | 10.0.15-alt1 | ALT-PU-2020-3130-1 | 260499 | Fixed |
glpi | p9 | 9.5.2-alt2 | 9.5.13-alt1 | ALT-PU-2020-3162-1 | 260536 | Fixed |
glpi | c10f1 | 9.5.2-alt2 | 9.5.13-alt1 | ALT-PU-2020-3130-1 | 260499 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/glpi-project/glpi/security/advisories/GHSA-prvh-9m4h-4m79 |
|
https://github.com/glpi-project/glpi/commit/a8109d4ee970a222faf48cf48fae2d2f06465796 |
|