vulnerability
Ubuntu: (CVE-2021-39210): glpi vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:P/I:N/A:N) | Sep 15, 2021 | Jun 26, 2025 | Aug 18, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published
Sep 15, 2021
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature.
Solution
no-fix-ubuntu-package
References
- CVE-2021-39210
- https://attackerkb.com/topics/CVE-2021-39210
- CWE-1004
- CWE-732
- URL-https://github.com/glpi-project/glpi/releases/tag/9.5.6
- URL-https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2
- URL-https://huntr.dev/bounties/b2e99a41-b904-419f-a274-ae383e4925f2/
- URL-https://www.cve.org/CVERecord?id=CVE-2021-39210
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.