Directory Traversal Vulnerability in Activity Plugin for GLPI
CVE-2022-34126

7.5HIGH

Key Information:

Vendor
Glpi-project
Status
Activity
Vendor
CVE Published:
16 April 2023

Summary

The Activity plugin for GLPI versions prior to 3.1.1 is susceptible to a directory traversal vulnerability, which allows attackers to read local files on the server. This can lead to the exposure of sensitive information and may compromise the security of the application. Ensuring that the plugin is updated to version 3.1.1 or later is vital to safeguard against this security issue.

References

https://github.com/InfotelGLPI/activity/releases/tag/3.1.1
https://pentest.blog/advisory-glpi-service-management-sof...
https://github.com/InfotelGLPI/activity/security/advisori...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.