Vulnerability Description
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teclib-Edition | Addressing | < 2.9.1 |
Related Weaknesses (CWE)
References
- https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_pluginExploitThird Party Advisory
- https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1PatchThird Party Advisory
- https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jExploitThird Party Advisory
- https://github.com/hansmach1ne/CVE-portfolio/tree/main/CVE-2021-43779
- https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_addressing_pluginExploitThird Party Advisory
- https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1PatchThird Party Advisory
- https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jExploitThird Party Advisory
FAQ
What is CVE-2021-43779?
CVE-2021-43779 is a vulnerability with a CVSS score of 9.9 (CRITICAL). GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability...
How severe is CVE-2021-43779?
CVE-2021-43779 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-43779?
Check the references section above for vendor advisories and patch information. Affected products include: Teclib-Edition Addressing.