CVE-2021-43779

Description

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.

CVSS Version 3.1
CVSS Version 2.0

nvd
CVE ID: CVE-2021-43779
Base Score: 9.9
Base Severity: CRITICAL
Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Impact Score: 6.0
Exploitability Score: 3.1

github
CVE ID: CVE-2021-43779
Base Score: 9.9
Base Severity: CRITICAL
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
Impact Score: 5.3
Exploitability Score: 3.9

nvd
CVE ID: CVE-2021-43779
Base Score: 9.0
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:S/C:C/I:C/A:C

Refrence: NVD MITRE

Description​

Description