vulnerability
Ubuntu: (CVE-2021-43779): glpi vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Jan 5, 2022 | Jun 26, 2025 | Mar 27, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Jan 5, 2022
Added
Jun 26, 2025
Modified
Mar 27, 2026
Description
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.
Solution
no-fix-ubuntu-package
References
- CVE-2021-43779
- https://attackerkb.com/topics/CVE-2021-43779
- CWE-20
- CWE-78
- EUVD-EUVD-2021-30684
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-30684
- https://github.com/pluginsGLPI/addressing/commit/6f55964803054a5acb5feda92c7c7f1d91ab5366
- https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh
- https://www.cve.org/CVERecord?id=CVE-2021-43779
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.