Directory Traversal Vulnerability in Activity Plugin for GLPI
CVE-2022-34126

7.5HIGH

Key Information:

Vendor: Glpi-project
Status: Activity
Vendor: CVE Published:; 16 April 2023

🔔 Create Glpi-project Vulnerability Alert

What is CVE-2022-34126?

The Activity plugin for GLPI versions prior to 3.1.1 is susceptible to a directory traversal vulnerability, which allows attackers to read local files on the server. This can lead to the exposure of sensitive information and may compromise the security of the application. Ensuring that the plugin is updated to version 3.1.1 or later is vital to safeguard against this security issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/InfotelGLPI/activity/releases/tag/3.1.1

https://pentest.blog/advisory-glpi-service-management-sof...

https://github.com/InfotelGLPI/activity/security/advisori...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2023
Vulnerability Reserved
Jun 20, 2022

JSON

Glpi-project

What is CVE-2022-34126?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.