Gestionnaire Libre de Parc Informatique (GLPI) is an open-source software package that aids organizations in managing their IT resources. IT departments rely on GLPI for its comprehensive features, such as ITIL Service Desk, license tracking, and software auditing capabilities. However, a vulnerability was recently discovered in this popular software, affecting versions up to 10.0.3, that allows malicious users to create public RSS feeds targeted at injecting harmful code into the dashboards of unsuspecting victims. Thankfully, this issue has now been resolved with the release of GLPI version 10.0.4.
In this long read post, we will explore the details of this vulnerability, CVE-2022-39375, the risks associated with it, how attackers could potentially exploit it, and what you can do to protect your GLPI environment.
Vulnerability Description
CVE-2022-39375 is a code-injection issue: an attacker can place malicious client-side code in the content of a public RSS feed, and every user who has that feed on a shared dashboard has the code rendered in their browser without knowing it.
This vulnerability exists in GLPI versions up to and including 10.0.3. The software developers have released a patch, so upgrading to version 10.0.4 or later is strongly recommended.
Exploit Details
To exploit this vulnerability, an attacker would need to create a public RSS feed on the GLPI platform and inject malicious code into the content of that feed. When other users add the tampered feed to their dashboards, or view a dashboard that already contains it, their sessions are exposed to the injected code, which could allow the attacker to gain unauthorized privileges, steal sensitive data, or disrupt system operations.
Here is a schematic illustration of feed content carrying an injected script:
<!DOCTYPE html>
<html>
<head>
<title>CVE-2022-39375 Malicious RSS Feed</title>
</head>
<body>
<h3>Breaking News</h3>
<p>[Legitimate Content]</p>
<script>
// Malicious code inserted in the RSS feed
function exploit() {
// Perform unauthorized actions or data theft
}
exploit();
</script>
</body>
</html>
Mitigation Steps
The only known effective measure for safeguarding against this vulnerability is updating to GLPI version 10.0.4. The developers have taken steps to ensure this issue is resolved in this release, thereby offering a robust solution for users.
To upgrade your GLPI installation, follow the steps outlined in the official documentation.
Please note that there are currently no known workarounds for this vulnerability. Hence, it is crucial to upgrade your GLPI environment as soon as possible to prevent any potential attacks.
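The root cause described above is feed-supplied HTML reaching a dashboard unescaped. The following is an added illustration, not GLPI's own code or the author's, of the two controls a defender wants around such a feed: flagging items that carry active content for audit, and escaping every feed-supplied value before it is rendered. The feed XML is constructed for the example.

```python
import html
import re
import xml.etree.ElementTree as ET

# Constructed sample feed (not a real GLPI feed): one benign item and one
# carrying the kind of injected script the advisory describes.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Team news</title>
<item><title>Maintenance window</title>
<description>Patching on Friday &lt;b&gt;18:00&lt;/b&gt;</description></item>
<item><title>Breaking News</title>
<description>&lt;p&gt;text&lt;/p&gt;&lt;script&gt;exploit()&lt;/script&gt;</description></item>
</channel></rss>"""

# Markers of active HTML content: script-like elements, inline event handlers,
# and javascript: URLs. Used only to flag items for review, never as the sole defence.
ACTIVE_CONTENT = re.compile(
    r"<\s*(script|iframe|object|embed)\b|\bon\w+\s*=|javascript:", re.I)


def parse_items(feed_xml):
    """Return a list of {title, description} dicts from an RSS 2.0 document.
    XML entities are decoded, so the strings hold the raw HTML the feed carries.
    For feeds from untrusted sources in production, parse with defusedxml instead."""
    root = ET.fromstring(feed_xml)
    return [{"title": (item.findtext("title") or "").strip(),
             "description": (item.findtext("description") or "").strip()}
            for item in root.iter("item")]


def flag_active_content(items):
    """Titles of items whose title or description contains active HTML content."""
    return [i["title"] for i in items
            if ACTIVE_CONTENT.search(i["title"]) or ACTIVE_CONTENT.search(i["description"])]


def render_item(item):
    """Render one item as an HTML fragment, escaping every feed-supplied value.
    Output encoding is what stops injected markup from executing on the dashboard."""
    return "<li><strong>%s</strong>: %s</li>" % (
        html.escape(item["title"], quote=True),
        html.escape(item["description"], quote=True))
```

Flagged titles are suitable for an audit log entry naming the feed and the user who created it; rendering with escaping means a flagged item still displays, but as inert text.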
References
- CVE Details: CVE-2022-39375
- GLPI Official Site: https://glpi-project.org/
- GLPI Update Documentation: https://glpi-install.readthedocs.io/en/latest/update/index.html
Conclusion
As an organization relying on GLPI for IT asset and service management, it is crucial to prioritize security and protection against emerging threats. CVE-2022-39375 sheds light on the need to remain vigilant and maintain awareness of vulnerabilities within the software. In this particular instance, the mitigation technique involves updating GLPI to the latest version, 10.0.4. It is essential to regularly monitor your installed programs, apply patches promptly, and adopt a proactive stance towards cybersecurity to keep your IT environment and valuable assets safe.
Timeline
Published on: 11/03/2022 16:15:00 UTC
Last modified on: 11/03/2022 19:04:00 UTC