Directory Traversal Vulnerability in Activity Plugin for GLPI
CVE-2022-34126

7.5HIGH

Key Information:

Vendor: Glpi-project
Status: Activity
Vendor: CVE Published:; 16 April 2023

🔔 Create Glpi-project Vulnerability Alert

What is CVE-2022-34126?

The Activity plugin for GLPI versions prior to 3.1.1 is susceptible to a directory traversal vulnerability, which allows attackers to read local files on the server. This can lead to the exposure of sensitive information and may compromise the security of the application. Ensuring that the plugin is updated to version 3.1.1 or later is vital to safeguard against this security issue.

References

https://github.com/InfotelGLPI/activity/releases/tag/3.1.1

https://pentest.blog/advisory-glpi-service-management-sof...

https://github.com/InfotelGLPI/activity/security/advisori...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2023
Vulnerability Reserved
Jun 20, 2022