CVE-2023-35939
📋 TL;DR
This vulnerability in GLPI allows authenticated users (and in some cases unauthenticated users) to bypass access controls and interact with, modify, or view dashboard data. It affects GLPI versions 9.5.0 through 10.0.7. The issue stems from improper authorization checks on dashboard functionality.
💻 Affected Systems
- GLPI
📦 What is this software?
GLPI, by the GLPI Project: an open-source IT asset management and service desk (ITSM) web application written in PHP.
⚠️ Risk & Real-World Impact
Worst Case
An attacker could manipulate critical dashboard data, potentially altering asset management information, creating false alerts, or hiding malicious activity from administrators.
Likely Case
Unauthorized users gain access to sensitive dashboard information they shouldn't see, potentially exposing asset details, IT infrastructure data, or operational metrics.
If Mitigated
With proper network segmentation and strict access controls, impact is limited to dashboard data visibility rather than system compromise.
🎯 Exploit Status
The advisory indicates some actions may be exploitable without authentication, making this particularly dangerous for internet-facing instances.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.0.8
Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-cjcx-pwcx-v34c
Restart Required: Yes
Instructions:
1. Back up your GLPI installation and database.
2. Download GLPI 10.0.8 from the official repository.
3. Follow the GLPI upgrade documentation to update to version 10.0.8.
4. Restart your web server service.
🔧 Temporary Workarounds
Restrict Dashboard Access
Temporarily restrict access to dashboard functionality via web server configuration or application-level controls. Adjust the path pattern to match the dashboard endpoints your GLPI version actually serves, and confirm the block with a test request before relying on it.
# Example Apache configuration to restrict /dashboard paths
# (virtual-host context; in .htaccess the pattern is matched without the leading slash)
RewriteEngine On
RewriteRule ^/dashboard.*$ - [F,L]
🧯 If You Can't Patch
- Implement strict network access controls to limit GLPI access to authorized users only
- Enable detailed logging and monitoring for dashboard access attempts
🔍 How to Verify
Check if Vulnerable:
Check your GLPI version via the web interface (Setup > General > About) or by examining the GLPI installation files.
Check Version:
grep -rF "define('GLPI_VERSION'" /path/to/glpi/inc/ 2>/dev/null || echo 'Check web interface: Setup > General > About'
Verify Fix Applied:
After patching, verify the version shows 10.0.8 or higher and test dashboard access controls with different user roles.
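The version check above as a small POSIX shell script, added here as an example and not part of the advisory: it reads GLPI_VERSION from an inc/define.php-style file and reports whether the version falls in the affected range 9.5.0 through 10.0.7. The define line is a constructed sample and the helper names are my own.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a GLPI install as affected by
# CVE-2023-35939 (9.5.0 <= GLPI_VERSION < 10.0.8) from its inc/define.php.

# Map "MAJOR.MINOR.PATCH" to one integer so versions compare numerically
# (10.0.8 > 9.5.0, which a plain string compare gets wrong). Any suffix such
# as "-rc1" is dropped first; assumes at most three numeric components.
version_key() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    set -- $(printf '%s' "$v" | tr '.' ' ')
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Exit status 0 when the version is in the affected range, 1 otherwise.
glpi_is_vulnerable() {
    key=$(version_key "$1")
    [ "$key" -ge "$(version_key 9.5.0)" ] && [ "$key" -lt "$(version_key 10.0.8)" ]
}

# Pull the version string out of a define('GLPI_VERSION', '...') line.
glpi_version_from_file() {
    sed -n "s/.*define('GLPI_VERSION', *'\([^']*\)').*/\1/p" "$1" | head -n 1
}

# Print "<version> vulnerable|patched" (or "unknown" if no define line is found);
# exit status 0 = vulnerable, 1 = patched, 2 = unknown.
check_install() {
    ver=$(glpi_version_from_file "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 2; fi
    if glpi_is_vulnerable "$ver"; then echo "$ver vulnerable"; return 0; fi
    echo "$ver patched"; return 1
}

# Constructed stand-in for /path/to/glpi/inc/define.php (not a real install).
SAMPLE_DEFINE=$(mktemp)
printf "<?php\ndefine('GLPI_VERSION', '10.0.7');\n" > "$SAMPLE_DEFINE"
check_install "$SAMPLE_DEFINE"   # prints: 10.0.7 vulnerable
```

Point `check_install` at the real inc/define.php of each instance; the exit status makes it usable from an inventory script.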
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to dashboard endpoints
- Unusual dashboard modifications by non-admin users
Network Indicators:
- HTTP requests to dashboard endpoints from unauthorized IPs or users
SIEM Query:
source="glpi_logs" AND (uri_path="/dashboard*" OR event="dashboard_access") AND user_role!="admin"