A critical security vulnerability, tracked as CVE-2022-34127, has been discovered in the ManagementEntities plugin before version 4..2 for GLPI (Gestion Libre de Parc Informatique), a widely used open-source IT asset management system. The vulnerability allows an attacker to exploit directory traversal and read local files via the inc/cri.class.php file parameter.

Details

The ManagementEntities plugin provides advanced management entities for GLPI users, enabling centralized control over their IT hardware and software assets. However, this plugin version contains a critical flaw allowing directory traversal attacks, which can enable an attacker to exploit inadequate input validation and gain unauthorized access to read local files on the server.

The vulnerability exists in the inc/cri.class.php file, where the user-supplied parameter is not properly sanitized. This can be exploited by a remote attacker to traverse directories and gain unauthorized access to sensitive local files by injecting a malicious payload in the input field.

Here is a code snippet from the vulnerable section of inc/cri.class.php:

if (isset($_FILES['import_csv']) && !empty($_FILES['import_csv']['name'])) {
   $content = file_get_contents($_FILES['import_csv']['tmp_name']);
}

As seen in the code snippet, the $_FILES['import_csv']['tmp_name'] parameter is used directly without any proper sanitization or input validation. This could allow an attacker to manipulate the input and exploit the directory traversal vulnerability.

Exploitation

To exploit this vulnerability, an attacker can craft a malicious CSV file with an injected payload and upload it to the application using a specially crafted input field. This lets the attacker read arbitrary local files on the server.

Mitigation

To fix this vulnerability, users are strongly advised to update the ManagementEntities plugin to version 4..2 or later, in which the issue has been addressed. The updated version includes proper input validation and directory traversal protection.
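The kind of check that "input validation and directory traversal protection" refers to, as an added example that is not the plugin's code or its actual patch: resolve the user-supplied name against a fixed base directory and reject anything that lands outside it. The function name, the temporary directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added illustration, not code from the ManagementEntities plugin.
// resolveInsideBase() and the demo directory are hypothetical names.

/**
 * Return the canonical path of $userValue inside $baseDir,
 * or null if it is missing or resolves outside that directory.
 */
function resolveInsideBase(string $baseDir, string $userValue): ?string
{
    // Empty input and NUL bytes are never valid file names.
    if ($userValue === '' || strpos($userValue, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks;
    // it returns false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userValue);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a
    // sibling such as /data/cri-old cannot pass as /data/cri.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a temporary base directory holding one permitted file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cri_demo_' . bin2hex(random_bytes(4));
mkdir($base, 0700);
file_put_contents($base . DIRECTORY_SEPARATOR . 'report.pdf', 'demo');

// Constructed inputs: two legitimate names and two that point elsewhere.
foreach (['report.pdf', './report.pdf', '../../../etc/passwd', '/etc/passwd'] as $input) {
    $resolved = resolveInsideBase($base, $input);
    printf("%-22s => %s\n", $input, $resolved === null ? 'rejected' : 'allowed');
}

// Remove the demo files.
unlink($base . DIRECTORY_SEPARATOR . 'report.pdf');
rmdir($base);
```

The comparison is made on the canonical path after resolution, which is why it also catches symlinks inside the base directory that point elsewhere.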

Additionally, it's essential to follow best practices for securing GLPI installations, such as restricting access to sensitive directories, implementing strong access controls, and keeping all plugins up-to-date.

Original References

The following sources provide more in-depth information about CVE-2022-34127, its impact, and mitigation steps:

1. CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2022-34127
2. GLPI Plugin Repository: https://plugins.glpi-project.org/#/plugin/managemententities
3. GLPI Security Advisory: https://{your_domain}/glpi-advisory (Replace {your_domain} with your GLPI installation domain)

Conclusion

CVE-2022-34127 poses a critical risk to GLPI installations with the ManagementEntities plugin version 4..1 and earlier. Organizations using this plugin must update it to version 4..2 or later to prevent unauthorized access to local files via directory traversal attacks. By following proper security practices, GLPI users can secure their IT asset management infrastructure and minimize the risks associated with software vulnerabilities.

Timeline

Published on: 04/16/2023 03:15:00 UTC
Last modified on: 04/25/2023 18:43:00 UTC