Unauthenticated Session Theft Vulnerability in GLPI IT Management Software
CVE-2024-50339
Key Information:
- Vendor: glpi-project
- Product: glpi
- CVE Published: 12 December 2024
What is CVE-2024-50339?
CVE-2024-50339 is a vulnerability in GLPI, an open-source IT asset and service management application. It allows an unauthenticated user to retrieve the session IDs of valid, logged-in users and use them to hijack those sessions. Because no credentials are needed, any GLPI instance reachable by an attacker is exposed: a hijacked session grants the victim's privileges in the web interface, which can mean reading sensitive inventory and ticket data or modifying managed assets, undermining both the confidentiality and the integrity of the organisation's IT management records.
Technical Details
The vulnerability affects GLPI versions from 9.5.0 up to, but not including, 10.0.17. It stems from a session-management flaw in which session identifiers were not adequately protected from unauthenticated access, so an attacker with no account can obtain the session IDs of legitimate users. Presenting a stolen ID as the session cookie lets the attacker act as that user, with whatever privileges the user holds (up to full administrative control if an administrator's session is taken). The fix is to upgrade to GLPI 10.0.17 or later; as a stop-gap, restricting network access to the GLPI web interface limits who can reach the flaw.
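The following Python script is an added example (not code from the GLPI project or from this advisory) that turns the affected range above into a check an administrator can run against an installed instance. It assumes GLPI's `inc/define.php` declares the version as `define('GLPI_VERSION', '...')`, which is how GLPI 10 ships it; the boundary handling for pre-release builds of the fixing version is a conservative choice made here, not something the advisory states.

```python
"""Check whether a GLPI version is in the range affected by CVE-2024-50339.

Added example. Affected range per the advisory: glpi >= 9.5.0, < 10.0.17.
"""
import re
from typing import Tuple

AFFECTED_MIN = (9, 5, 0)   # inclusive lower bound
FIXED_IN = (10, 0, 17)     # exclusive upper bound: first fixed release

_VERSION_RE = re.compile(
    r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:[-+~]([0-9A-Za-z.]+))?$"
)


def parse_version(version: str) -> Tuple[Tuple[int, int, int], bool]:
    """Return ((major, minor, patch), is_prerelease).

    Accepts '10.0.16', 'v10.0.16' and suffixed forms such as '10.0.17-beta1';
    missing components are treated as 0.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GLPI version string: {version!r}")
    major, minor, patch, suffix = m.groups()
    nums = (int(major), int(minor or 0), int(patch or 0))
    return nums, suffix is not None


def is_affected(version: str) -> bool:
    """True if the version falls in [9.5.0, 10.0.17).

    A pre-release of the fixing version (e.g. 10.0.17-beta1) may predate the
    fix commit, so it is conservatively reported as affected.
    """
    nums, prerelease = parse_version(version)
    if nums < AFFECTED_MIN:
        return False
    if nums < FIXED_IN:
        return True
    return prerelease and nums == FIXED_IN


def version_from_define_php(source: str) -> str:
    """Extract GLPI_VERSION from the contents of inc/define.php.

    Assumption: the file contains a line like define('GLPI_VERSION', '10.0.16');
    """
    m = re.search(r"GLPI_VERSION['\"]?\s*,\s*['\"]([^'\"]+)['\"]", source)
    if not m:
        raise ValueError("GLPI_VERSION not found in define.php contents")
    return m.group(1)


if __name__ == "__main__":
    import sys

    # Usage: python check_glpi.py /var/www/glpi/inc/define.php
    with open(sys.argv[1], encoding="utf-8") as fh:
        installed = version_from_define_php(fh.read())
    verdict = "AFFECTED" if is_affected(installed) else "not affected"
    print(f"GLPI {installed}: {verdict} by CVE-2024-50339")
```

Point the script at the `inc/define.php` of the deployment being audited; a result of AFFECTED means the instance should be upgraded to 10.0.17 or later and, given that the attack needs no credentials, existing sessions should be invalidated after the upgrade.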
Potential Impact of CVE-2024-50339
- Session Hijacking: an attacker who obtains a valid session identifier can impersonate the corresponding user, gaining that user's access to the GLPI interface and to the organisational data it holds.
- Data Breach Risk: through a hijacked session the attacker can read confidential information stored in GLPI (asset inventories, tickets, user records), so a successful attack can amount to a data breach with legal and reputational consequences.
- Compromise of IT Management: with a privileged user's session, the attacker could alter asset configurations, perform unauthorised operations, or disrupt service delivery, threatening operational continuity and system integrity.
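The impact above rests on a stolen session ID being replayed from the attacker's machine. A practical way to hunt for that, whether or not the GLPI instance has already been patched, is to look for one session ID used by more than one client. The script below is an added example, not code from GLPI or from this advisory: it parses a constructed, simplified access-log format in which the session cookie has already been extracted into a `sid=` field (the real GLPI cookie is named `glpi_<hash>`, and the log format of a given deployment will differ), then reports sessions seen from more than one (source IP, user agent) pair and the moment a session first appears from a second client.

```python
"""Flag GLPI session IDs that are used from more than one client.

Added example for triaging possible session hijacking. Log format and the
log lines themselves are constructed for illustration; adapt LOG_RE to your
reverse proxy / web server format.
"""
import re
from typing import Dict, List, Optional, Tuple

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<ua>[^"]*)" sid=(?P<sid>\S+) '
    r'(?P<method>\S+) (?P<path>\S+) (?P<status>\d+)$'
)

# Constructed sample: session 9f3c1a is first used by a browser on
# 198.51.100.20, then replayed by curl from 203.0.113.77. Session b77e02 is
# only ever used by one client.
SAMPLE_ACCESS_LOG = """\
2024-12-13T09:58:12Z 198.51.100.20 "Mozilla/5.0 (Windows NT 10.0) Firefox/128.0" sid=9f3c1a GET /front/central.php 200
2024-12-13T09:59:03Z 198.51.100.20 "Mozilla/5.0 (Windows NT 10.0) Firefox/128.0" sid=9f3c1a GET /front/computer.php 200
2024-12-13T10:02:41Z 203.0.113.77 "curl/8.5.0" sid=9f3c1a GET /front/user.php 200
2024-12-13T10:02:50Z 203.0.113.77 "curl/8.5.0" sid=9f3c1a POST /front/user.form.php 302
2024-12-13T10:05:00Z 192.0.2.9 "Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0" sid=b77e02 GET /front/central.php 200
2024-12-13T10:06:10Z 192.0.2.9 "Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0" sid=b77e02 GET /front/ticket.php 200
"""

Client = Tuple[str, str]  # (source IP, user agent)


def parse_log(text: str) -> List[dict]:
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_sessions(entries: List[dict]) -> Dict[str, List[Client]]:
    """Map each session ID used by more than one client to its clients, in first-seen order."""
    clients: Dict[str, List[Client]] = {}
    for e in entries:
        client = (e["ip"], e["ua"])
        seen = clients.setdefault(e["sid"], [])
        if client not in seen:
            seen.append(client)
    return {sid: c for sid, c in clients.items() if len(c) > 1}


def first_foreign_use(entries: List[dict], sid: str) -> Optional[dict]:
    """Return the first request for `sid` that came from a client other than the
    one that first used the session, or None if the session was never shared.
    Useful as the start of an incident timeline."""
    owner: Optional[Client] = None
    for e in entries:
        if e["sid"] != sid:
            continue
        client = (e["ip"], e["ua"])
        if owner is None:
            owner = client
        elif client != owner:
            return e
    return None


if __name__ == "__main__":
    log = parse_log(SAMPLE_ACCESS_LOG)
    for sid, clients in suspicious_sessions(log).items():
        first = first_foreign_use(log, sid)
        print(f"session {sid} used by {len(clients)} clients; "
              f"first foreign request at {first['ts']} from {first['ip']} ({first['ua']})")
```

A session legitimately changing source IP (mobile networks, VPN reconnects) is common, which is why the example keys on the IP and user agent together and treats a hit as a triage signal rather than a verdict; the `first_foreign_use` timestamp gives the starting point for reviewing what the second client did with the session.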
Affected Version(s)
glpi >= 9.5.0, < 10.0.17