CVE-2023-28634

8.8 HIGH

📋 TL;DR

This vulnerability allows a user with the Technician profile in GLPI to generate a personal token for a Super-Admin account, escalating the Technician's privileges to administrative access. It affects GLPI versions 0.83 through 9.5.12 and 10.0.6. An attacker holding such a token can hijack the Super-Admin session and gain full control of the system.

💻 Affected Systems

Products:
  • GLPI
Versions: 0.83 through 9.5.12 and 10.0.6
Operating Systems: All platforms running GLPI
Default Config Vulnerable: ⚠️ Yes
Notes: Requires at least one user with Technician profile. All GLPI installations within the affected version range are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where attackers gain Super-Admin privileges, potentially accessing sensitive data, modifying configurations, and deploying malware across the IT infrastructure.

🟠

Likely Case

Unauthorized administrative access leading to data theft, configuration changes, and potential lateral movement within the network.

🟢

If Mitigated

Limited impact if proper access controls, network segmentation, and monitoring are in place to detect unusual administrative activity.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with Technician privileges. The attack vector is straightforward once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.5.13 or 10.0.7

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-4279-rxmh-gf39

Restart Required: No

Instructions:

1. Back up your GLPI database and files.
2. Download the patched version (9.5.13 or 10.0.7) from the official GLPI repository.
3. Follow the standard GLPI upgrade procedure for your version.
4. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Restrict Technician Profile Access (all platforms)

Temporarily remove or restrict Technician profile permissions until patching can be completed.

  • Review and modify user profiles in the GLPI administration panel
  • Consider temporarily disabling Technician accounts if they are not critical

Network Segmentation (all platforms)

Isolate GLPI instances from critical systems and implement strict network access controls.

  • Configure firewall rules to restrict GLPI access
  • Implement VLAN segmentation for GLPI servers

🧯 If You Can't Patch

  • Implement strict monitoring of user token generation and Super-Admin account activity
  • Reduce the number of Technician accounts and implement least privilege access controls

🔍 How to Verify

Check if Vulnerable:

Check the GLPI version in the administration panel or with the 'php glpi/console.php version' command. If the version is between 0.83 and 9.5.12 (inclusive) or exactly 10.0.6, the system is vulnerable.

Check Version:

php glpi/console.php version

Verify Fix Applied:

After upgrading, verify that the version is 9.5.13 or 10.0.7. Confirm that Technician users can no longer generate tokens for Super-Admin accounts.
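The version check described above, as an added example that is not part of this advisory page or of the GLPI project: a small Python helper that classifies a GLPI version string (as printed by the administration panel or the console command) against the affected ranges stated on this page. The ranges, the fixed versions and the sample version strings are taken from the page or constructed for illustration; versions outside the listed ranges (for example 10.0.0 to 10.0.5, which the page does not list) are reported as "not listed" rather than assumed safe.

```python
"""Classify a GLPI version string against the CVE-2023-28634 ranges stated above.

Added example, not the project's own tooling. The only facts it encodes are
the ones on the page: affected 0.83 through 9.5.12 and exactly 10.0.6, fixed
in 9.5.13 and 10.0.7. Everything else is reported as 'not listed'.
"""
import re
from typing import Tuple

Version = Tuple[int, int, int]

AFFECTED_RANGE_LOW: Version = (0, 83, 0)    # inclusive lower bound from the page
AFFECTED_RANGE_HIGH: Version = (9, 5, 12)   # inclusive upper bound from the page
AFFECTED_EXACT = {(10, 0, 6)}               # single affected 10.x release on the page
FIXED_95: Version = (9, 5, 13)              # first patched 9.5.x release
FIXED_100: Version = (10, 0, 7)             # first patched 10.0.x release


def parse_version(text: str) -> Version:
    """Parse '9.5.12', '0.83' or '10.0.6-rc1' into a 3-int tuple.

    Missing components default to 0; pre-release suffixes are dropped so that
    comparisons work on the numeric part only.
    """
    m = re.match(r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) if p is not None else 0 for p in m.groups())
    return (major, minor, patch)


def assess(text: str) -> str:
    """Return 'vulnerable', 'patched' or 'not listed' for a GLPI version string."""
    v = parse_version(text)
    if v in AFFECTED_EXACT or AFFECTED_RANGE_LOW <= v <= AFFECTED_RANGE_HIGH:
        return "vulnerable"
    # 9.5.13 and later 9.x releases, or 10.0.7 and later, carry the fix.
    if FIXED_95 <= v < (10, 0, 0) or v >= FIXED_100:
        return "patched"
    # Anything else (e.g. 10.0.0 to 10.0.5) is not covered by the page's ranges;
    # check the vendor advisory rather than assuming it is safe.
    return "not listed"


if __name__ == "__main__":
    # Constructed sample inputs, representative of what the console prints.
    for sample in ["0.83", "9.5.12", "10.0.6-rc1", "9.5.13", "10.0.7", "10.0.5"]:
        print(f"{sample:>10} -> {assess(sample)}")
```

Feed it the output of the version command from the affected host; a result of "vulnerable" means the upgrade in the Official Fix section is required, and "not listed" means the page's ranges do not cover that release and the vendor advisory should be consulted.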

📡 Detection & Monitoring

Log Indicators:

  • Unusual token generation events
  • Multiple failed login attempts followed by successful Super-Admin login
  • User privilege escalation logs

Network Indicators:

  • Unusual administrative access patterns
  • Traffic from unexpected sources to GLPI administrative endpoints

SIEM Query:

source="glpi" AND (event="token_generation" OR event="privilege_escalation")
