CVE-2011-2720
Published 2011-08-05
Priority P4 · 25 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 2.85% (85.0th percentile)
The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glpi-project | glpi | <= 0.80.1 | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2720 glpi: does not properly blacklist certain sensitive variables, like username and password [fedora-all]
bugzilla·2011-07-27·CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=726185
Bugzilla
CVE-2011-2720 glpi: does not properly blacklist certain sensitive variables, like username and password [epel-5]
bugzilla·2011-07-27·CVSS 5.0
epel-5 tracking bug for glpi: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
glpi-0.78.5-3.svn14966.el5, glpi-data-injection-2.0.2-1.el5, glpi-mass-ocs-import-1.4.2-1.el5, glpi-pdf-0.7.2-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/glpi-0.78.5-3.svn14966.el5,glpi-data-injection-2.0.2-1.el5,glpi-mass-ocs-import-1.4.2-1.el5,glpi-pdf-0.7.2-1.el5
---
glpi-0.78.5-3.svn14966.el5, glpi-data-injection-2.0.2-1.el5, glpi-mass-ocs-import-1.4.2-1.el5, glpi-pdf-
Bugzilla
CVE-2011-2720 glpi: does not properly blacklist certain sensitive variables, like username and password
bugzilla·2011-07-27·CVSS 5.0
It was found that GLPI, the Information Resource-Manager with an additional Administration-Interface, did not properly blacklist certain sensitive variables (like GLPI username and password). A remote attacker could use this flaw to obtain access to the plaintext form of these values via a specially-crafted HTTP POST request.
References:
[1] http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
[2] https://forge.indepnet.net/projects/glpi/versions/605
[3] https://forge.indepnet.net/issues/3017
Relevant patches:
[4] https://forge.indepnet.net/projects/glpi/repository/revisions/14951
[5] https://forge.indepnet.net/projects/glpi/repository/revisions/14952
[6] https://forge.ind
Bugzilla
CVE-2011-2720 glpi: does not properly blacklist certain sensitive variables, like username and password [epel-6]
bugzilla·2011-07-27·CVSS 5.0
epel-6 tracking bug for glpi: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
glpi-0.78.5-2.svn14966.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/glpi-0.78.5-2.svn14966.el6
---
glpi-0.78.5-2.svn14966.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063408.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063679.html
http://secunia.com/advisories/45366
http://secunia.com/advisories/45542
http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
http://www.mandriva.com/security/advisories?name=MDVSA-2012:014
http://www.openwall.com/lists/oss-security/2011/07/25/7
http://www.openwall.com/lists/oss-security/2011/07/26/11
http://www.securityfocus.com/bid/48884
https://bugzilla.redhat.com/show_bug.cgi?id=726185
https://forge.indepnet.net/issues/3017
https://forge.indepnet.net/projects/glpi/repository/revisions/14951
https://forge.indepnet.net/projects/glpi/repository/revisions/14952
https://forge.indepnet.net/projects/glpi/repository/revisions/14954
https://forge.indepnet.net/projects/glpi/repository/revisions/14955
https://forge.indepnet.net/projects/glpi/repository/revisions/14956
https://forge.indepnet.net/projects/glpi/repository/revisions/14957
https://forge.indepnet.net/projects/glpi/repository/revisions/14958
https://forge.indepnet.net/projects/glpi/repository/revisions/14960
https://forge.indepnet.net/projects/glpi/repository/revisions/14966
https://forge.indepnet.net/projects/glpi/versions/605
2011-08-05
Published