CVE-2021-39211
Published 2021-09-15
Priority P276 · medium · 5.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
ITW exploit · VulnCheck KEV · Exploited in the wild
EPSS: 4.45% (90.2th percentile)
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glpi-project | glpi | — | — |
| glpi-project | glpi | >= 9.2 < 9.5.6 | 9.5.6 |
Detection & IOCs (extracted from sources)
- Probe GET /ajax/telemetry.php (and /glpi/ajax/telemetry.php); a vulnerable instance returns HTTP 200 with both '"uuid":' and '"glpi":' in the response body.
- Use Shodan query 'http.title:"glpi"' or favicon hash '-1474875778' to identify exposed GLPI instances for further testing.
- Use FOFA query 'icon_hash="-1474875778"' or 'title="glpi"' to identify exposed GLPI instances.
- Use Google dork 'intitle:"glpi"' to discover publicly exposed GLPI installations.
- The vulnerable endpoint is only present in GLPI versions 9.2 through 9.5.5; version 9.5.6 and later are patched. Confirm the version before acting on findings.
- The file ajax/telemetry.php can be removed as a workaround without impacting normal GLPI functionality; its absence on a patched or hardened system means the probe will return non-200 and should not be flagged as vulnerable.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| OSV | — | 5.3 | MEDIUM | — |
| VulnCheck | — | 5.3 | MEDIUM | — |
OSV
CVE-2021-39211 [MEDIUM] CVE-2021-39211: GLPI is a free Asset and IT management software package
osv · 2021-09-15 · CVSS 5.3
VulnCheck
CVE-2021-39211 [MEDIUM] GLPI Telemetry Endpoint Information Disclosure
vulncheck · 2021 · CVSS 5.3
Affected: glpi-project GLPI
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-13&host_type=src&vulnerability=cve-2021-39211; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-17&host_
No detection rules found.
Nuclei
CVE-2021-39211 [MEDIUM] GLPI 9.2/<9.5.6 - Information Disclosure
nuclei · CVSS 5.3
GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:

```yaml
id: CVE-2021-39211

info:
  name: GLPI 9.2/<9.5.6 - Information Disclosure
  author: dogasantos,noraj
  severity: medium
  description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Information disclosure vulnerability in GLPI versions 9.2 to <9.5.6 allows an attacker to access sensitive i
```
No writeups or analysis indexed.