CVE-2020-15177 Information
Description
In GLPI before version 9.5.2 the install/install.php endpoint insecurely stores user input into the database as url_base and url_base_api. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection Since authentication is not required to perform these changesanyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it’s possible to steal cookies perform actions as the user etc. The issue is patched in version 9.5.2.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/glpi-project/glpi/commit/a8109d4ee970a222faf48cf48fae2d2f06465796
https://github.com/glpi-project/glpi/security/advisories/GHSA-prvh-9m4h-4m79
In
GLPI
before
version
9.5.2
the
install/install.php
endpoint
insecurely
stores
user
input
into
the
database
as
url_base
and
url_base_api.
These
settings
are
referenced
throughout
the
application
and
allow
for
vulnerabilities
like
Cross-Site
Scripting
and
Insecure
Redirection
Since
authentication
is
not
required
to
perform
these
changesanyone
could
point
these
fields
at
malicious
websites
or
form
input
in
a
way
to
trigger
XSS.
Leveraging
JavaScript
it’s
possible
to
steal
cookies
perform
actions
as
the
user
etc.
The
issue
is
patched
in
version
9.5.2.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: