vulnerability

Ubuntu: (CVE-2021-43779): glpi vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Jan 5, 2022	Jun 26, 2025	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Jan 5, 2022

Added

Jun 26, 2025

Modified

Aug 18, 2025

Description

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.

Solution

no-fix-ubuntu-package

References

CVE-2021-43779
https://attackerkb.com/topics/CVE-2021-43779
CWE-20
CWE-78
URL-https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366
URL-https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh
URL-https://www.cve.org/CVERecord?id=CVE-2021-43779

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today