FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
6a467439-3b38-11eb-af2a-080027dbe4b7  glpi -- Any CalDAV calendars is read-only for every authenticated user

MITRE Corporation reports:

In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. This issue is fixed in version 9.5.3. As a workaround, one can remove the caldav.php file to block access to CalDAV server.


Discovery 2020-10-01
Entry 2020-10-01
Affected: glpi > 9.5.0, < 9.5.3

https://github.com/glpi-project/glpi/security/advisories/GHSA-qmw3-87hr-5wgx
https://github.com/glpi-project/glpi/commit/527280358ec78988ac57e9809d2eb21fcd74caf7
https://github.com/glpi-project/glpi/releases/tag/9.5.3
CVE-2020-26212

07aecafa-3b12-11eb-af2a-080027dbe4b7  glpi -- Reflexive XSS in Dropdown menus

MITRE Corporation reports:

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6.


Discovery 2020-03-30
Entry 2020-03-30
Affected: glpi > 0.68.1, < 9.4.6

https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
CVE-2020-11062

09eef008-3b16-11eb-af2a-080027dbe4b7  glpi -- Unauthenticated Stored XSS

MITRE Corporation reports:

In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection. Since authentication is not required to perform these changes, anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it's possible to steal cookies, perform actions as the user, etc. The issue is patched in version 9.5.2.


Discovery 2020-06-25
Entry 2020-06-25
Affected: glpi > 0.65, < 9.5.2

https://github.com/glpi-project/glpi/commit/a8109d4ee970a222faf48cf48fae2d2f06465796
https://github.com/glpi-project/glpi/security/advisories/GHSA-prvh-9m4h-4m79
CVE-2020-15177

b64edef7-3b10-11eb-af2a-080027dbe4b7  glpi -- weak csrf tokens

MITRE Corporation reports:

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.


Discovery 2020-03-30
Entry 2020-03-30
Affected: glpi > 0.83.3, < 9.4.6

https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/
CVE-2020-11035

aec9cbe0-3b0f-11eb-af2a-080027dbe4b7  glpi -- able to read any token through API user endpoint

MITRE Corporation reports:

In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains:
- All api_tokens which can be used to do privileges escalations or read/update/delete data normally non accessible to the current user.
- All personal_tokens can display another user's planning.
Exploiting this vulnerability requires the api to be enabled, a technician account. It can be mitigated by adding an application token. This is fixed in version 9.4.6.


Discovery 2020-03-30
Entry 2020-03-30
Affected: glpi > 9.1, < 9.4.6

https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/
CVE-2020-11033

5acd95db-3b16-11eb-af2a-080027dbe4b7  glpi -- leakage issue with knowledge base

MITRE Corporation reports:

In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the FAQ.


Discovery 2020-06-25
Entry 2020-06-25
Affected: glpi > 9.5.0, < 9.5.2

https://github.com/glpi-project/glpi/commit/39e25591efddc560e3679ab07e443ee6198705e2
https://github.com/glpi-project/glpi/security/advisories/GHSA-x9hg-j29f-wvvv
CVE-2020-15217

b7abdb0f-3b15-11eb-af2a-080027dbe4b7  glpi -- Multiple SQL Injections Stemming From isNameQuoted()

MITRE Corporation reports:

In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query, the application does not escape or sanitize, allowing for SQL Injection to occur. Leveraging this vulnerability an attacker is able to exfiltrate sensitive information like passwords, reset tokens, personal details, and more. The issue is patched in version 9.5.2.


Discovery 2020-06-25
Entry 2020-06-25
Affected: glpi > 0.68, < 9.5.2

https://github.com/glpi-project/glpi/commit/f021f1f365b4acea5066d3e57c6d22658cf32575
https://github.com/glpi-project/glpi/security/advisories/GHSA-x93w-64x9-58qw
CVE-2020-15176

7f163c81-3b12-11eb-af2a-080027dbe4b7  glpi -- SQL injection for all usages of "Clone" feature

MITRE Corporation reports:

In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in 9.5.1.


Discovery 2020-06-25
Entry 2020-06-25
Affected: glpi > 9.5.0, < 9.5.1

https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v
https://github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba
https://github.com/glpi-project/glpi/pull/6684
CVE-2020-15108

0ba61fcc-3b38-11eb-af2a-080027dbe4b7  glpi -- SQL Injection in Search API

MITRE Corporation reports:

In GLPI before version 9.5.2, there is a SQL Injection in the API's search function. Not only is it possible to break the SQL syntax, but it is also possible to utilise a UNION SELECT query to reflect sensitive information such as the current database version, or database user. The most likely scenario for this vulnerability is with someone who has an API account to the system. The issue is patched in version 9.5.2. A proof-of-concept with technical details is available in the linked advisory.


Discovery 2020-06-25
Entry 2020-06-25
Affected: glpi > 9.1, < 9.5.2

https://github.com/glpi-project/glpi/commit/3dc4475c56b241ad659cc5c7cb5fb65727409cf0
https://github.com/glpi-project/glpi/security/advisories/GHSA-jwpv-7m4h-5gvc
CVE-2020-15226

675e5098-3b15-11eb-af2a-080027dbe4b7  glpi -- Unauthenticated File Deletion

MITRE Corporation reports:

In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in /files/. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrator's session token and use that to authenticate. The issue is patched in version 9.5.2.


Discovery 2020-06-25
Entry 2020-06-25
Affected: glpi > 0.70, < 9.5.2

https://github.com/glpi-project/glpi/security/advisories/GHSA-rm52-jx9h-rwcp
https://github.com/glpi-project/glpi/commit/6ca9a0e77299a755c356d758344a23278df67f65
CVE-2020-15175