Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-39209
CVE-2021-39209:
GLPI vulnerability analysis and mitigation
Overview
GLPI versions prior to 9.5.6 contained a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2021-39209. The vulnerability was discovered and disclosed on September 15, 2021. This security issue affected the CSRF protection mechanism in GLPI, a free IT asset management software (GLPI Release).
Technical details
The vulnerability allowed CSRF protection to be bypassed at multiple locations within the application when a user was logged into GLPI. This weakness was classified as CWE-352 (Cross-Site Request Forgery). The severity of this vulnerability was rated as High (GitHub Advisory).
Impact
The vulnerability enabled malicious websites to perform unauthorized actions on GLPI through the authenticated user's session. This could potentially allow attackers to execute various operations within GLPI without the user's knowledge or consent (GitHub Advisory).
Mitigation and workarounds
The vulnerability was patched in GLPI version 9.5.6. No workarounds were available for this vulnerability, making upgrading to version 9.5.6 or later the only solution to address this security issue (GLPI Release).
Additional resources
Source: This report was generated using AI
Related GLPI vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management