CVE-2020-11033Sensitive Information Exposure in Glpi

CWE-200Sensitive Information Exposure5 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.4%
top 36.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Glpi-project GlpiFedoraproject Fedora
Timeline
PublishedMay 5
Latest updateMay 11

Description

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalations or read/update/delete data normally non accessible to the current user. - All personal_tokens can display another users planning. Exploiting this vulnerability requires the api to be enabled, a technician account. It can be mitigated by adding a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDglpi-project/glpi9.19.4.6
CVEListV5glpi-project/glpi>9.1, < 9.4.6

Also affects: Fedora 31, 32

🔴Vulnerability Details

1
OSV
CVE-2020-11033: In GLPI from version 92020-05-05

💬Community

3
Bugzilla
CVE-2020-11033 glpi: any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User2020-05-11
Bugzilla
CVE-2020-11033 glpi: any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User [epel-7]2020-05-11
Bugzilla
CVE-2020-11033 glpi: any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User [fedora-all]2020-05-11