Vulnerability Name: | CVE-2020-11033 (CCN-181613)
Assigned: | 2020-05-05
Published: | 2020-05-05
Updated: | 2021-09-14
Summary: | In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on the User itemtype has access to the full list of users when querying apirest.php/User. The response contains:
- All api_tokens, which can be used for privilege escalation or to read/update/delete data normally not accessible to the current user.
- All personal_tokens, which can be used to display another user's planning.
Exploiting this vulnerability requires the API to be enabled and a technician account. It can be mitigated by adding an application token. This is fixed in version 9.4.6.
CVSS v3 Severity: |
- 7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
- 6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
- 7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
Vulnerability Type: | CWE-200
Vulnerability Consequences: | Gain Privileges
References: |
- Source: MITRE, Type: CNA: CVE-2020-11033
- Source: XF, Type: UNKNOWN: glpi-cve202011033-priv-esc(181613)
- Source: CCN, Type: GLPI GIT Repository: Able to read any token through API user endpoint
- Source: CONFIRM, Type: Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55
- Source: FEDORA, Type: Mailing List, Third Party Advisory: FEDORA-2020-885e2343ed
- Source: FEDORA, Type: Mailing List, Third Party Advisory: FEDORA-2020-ee30e1109f
Vulnerable Configuration: |
- Configuration 1:
- Configuration 2:
- Configuration CCN 1: