CVE-2024-53850
📋 TL;DR
The Addressing plugin for GLPI, versions 3.0.0 through 3.0.2, contains an information disclosure vulnerability: an unauthenticated attacker can query the plugin to learn whether a record with a given name exists in the GLPI database. No record contents are returned, but this existence oracle lets an attacker enumerate names (hosts, users and similar objects) without credentials and use the resulting inventory to plan further attacks. Any GLPI instance with one of the affected plugin versions installed is exposed.
💻 Affected Systems
- GLPI Addressing Plugin
⚠️ Manual Verification Required
Scanners that fingerprint only the GLPI core do not see which plugin versions are installed, so exposure to this CVE has to be confirmed by checking the plugin itself. The affected range is 3.0.0 through 3.0.2 (see the vendor advisory below). To confirm your exposure:
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Without credentials, an attacker enumerates the names of records held in GLPI (hosts, users, networks) and uses that inventory to pick targets for follow-up attacks such as credential attacks against named accounts or exploitation of other weaknesses on named systems. The vulnerability itself discloses only whether a name exists; a data breach or system compromise requires chaining it with another flaw.
Likely Case
Attackers enumerate names to map the system layout and identify targets, which reduces the effort needed for later attacks even though no record contents are exposed.
If Mitigated
With access to the GLPI web interface restricted to trusted networks, the oracle is reachable only from inside those networks, and the impact remains limited to confirming that names exist, with no access to the records themselves.
🎯 Exploit Status
The vulnerable functionality requires no authentication and, per the vendor advisory, is straightforward to exploit: each query confirms or denies the existence of one name. This page does not reference a public exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.3
Vendor Advisory: https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-fw42-79gw-7qr9
Restart Required: No
Instructions:
1. Update the Addressing plugin to version 3.0.3 or later via the GLPI plugin management interface (Setup > Plugins, or the marketplace on GLPI 10).
2. Verify the update completed successfully: the plugin list must show version 3.0.3 or later.
3. Test plugin functionality.
🔧 Temporary Workarounds
Disable Addressing Plugin
Temporarily disable the vulnerable plugin until patching is possible.
Navigate to GLPI Setup > Plugins > Addressing > Disable
Restrict Network Access
Limit access to the GLPI web interface to trusted networks only.
Configure firewall rules to restrict access to the GLPI web port (typically 80/443) to administrative and user networks.
🧯 If You Can't Patch
- Implement strict network access controls to limit GLPI access to authorized users only
- Monitor for unusual enumeration attempts against the GLPI web interface
🔍 How to Verify
Check if Vulnerable:
Check the GLPI plugin management interface for the Addressing plugin version. If the version is between 3.0.0 and 3.0.2 inclusive, the system is vulnerable.
Check Version:
Check via the GLPI web interface: Setup > Plugins > Addressing. On the server, the version is also declared in the plugin's setup.php (the PLUGIN_ADDRESSING_VERSION constant), under plugins/addressing/ for a classic install or marketplace/addressing/ for a GLPI 10 marketplace install.
Verify Fix Applied:
Verify that the Addressing plugin version is 3.0.3 or higher in the GLPI plugin management interface.
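The following script automates the server-side check described above. It is an added example, not code from the page, the plugin or the GLPI project. It assumes the plugin directory sits at plugins/addressing or marketplace/addressing under the GLPI root and that setup.php declares its version with the usual GLPI plugin convention, define('PLUGIN_ADDRESSING_VERSION', '...'); if either assumption does not hold, it reports "unknown" or "not installed" rather than guessing.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Affected range from the advisory: 3.0.0 <= version < 3.0.3.
FIRST_VULNERABLE = (3, 0, 0)
FIXED = (3, 0, 3)

# Assumption: a classic install keeps the plugin under plugins/, a GLPI 10
# marketplace install under marketplace/. Both are relative to the GLPI root.
CANDIDATE_DIRS = ("plugins/addressing", "marketplace/addressing")

# Assumption: setup.php declares the version with the usual GLPI plugin
# convention, e.g.  define('PLUGIN_ADDRESSING_VERSION', '3.0.2');
_DEFINE_RE = re.compile(
    r"""define\(\s*['"]PLUGIN_ADDRESSING_VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)"""
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.0.2' (or '3.0.3-rc1', '3.0') into a comparable 3-tuple."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparsable version string: {text!r}")
    parts = [int(p) for p in m.group(0).split(".")][:3]
    parts += [0] * (3 - len(parts))          # '3.0' compares as (3, 0, 0)
    return tuple(parts)


def version_from_setup(setup_php: str) -> Optional[str]:
    """Extract the declared version from the text of setup.php, or None."""
    m = _DEFINE_RE.search(setup_php)
    return m.group(1) if m else None


def is_vulnerable(version: str) -> bool:
    """True when the version is inside the affected range for CVE-2024-53850."""
    return FIRST_VULNERABLE <= parse_version(version) < FIXED


def check_glpi_root(glpi_root: str) -> dict:
    """Locate the plugin under a GLPI root and classify the installed version."""
    root = Path(glpi_root)
    for rel in CANDIDATE_DIRS:
        setup = root / rel / "setup.php"
        if not setup.is_file():
            continue
        version = version_from_setup(setup.read_text(encoding="utf-8", errors="replace"))
        if version is None:
            # Plugin present but version not declared the usual way: inspect by hand.
            return {"path": str(setup), "version": None, "status": "unknown"}
        status = "vulnerable" if is_vulnerable(version) else "not affected"
        return {"path": str(setup), "version": version, "status": status}
    return {"path": None, "version": None, "status": "not installed"}


if __name__ == "__main__":
    import sys
    # Usage: python check_addressing.py /var/www/glpi
    print(check_glpi_root(sys.argv[1] if len(sys.argv) > 1 else "/var/www/glpi"))
```

Run it on the web server with the GLPI root as the argument. A "vulnerable" result means the file on disk declares 3.0.0, 3.0.1 or 3.0.2; after updating, re-run it and confirm the status changes to "not affected" and the version shown matches what Setup > Plugins displays.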
📡 Detection & Monitoring
Log Indicators:
- A single source IP issuing many requests to Addressing plugin endpoints in a short period, far above what an interactive user produces
- Successive requests to the same plugin endpoint whose query values change on every request (names being walked through a list), typically with a scripted User-Agent
- Plugin requests from clients that never authenticated to GLPI (the vulnerable functionality needs no session)
Network Indicators:
- High-rate HTTP traffic to /plugins/addressing/ (or /marketplace/addressing/ on a GLPI 10 marketplace install) from a source outside the expected user networks
- Request bursts with one distinct URL per request, consistent with name enumeration
SIEM Query:
source="glpi_access.log" (uri="/plugins/addressing/*" OR uri="/marketplace/addressing/*")
| stats count dc(uri) AS distinct_uris BY src_ip
| where count > 50
The threshold of 50 is illustrative; baseline normal plugin usage first and alert on sources that exceed it, weighting sources with a high distinct_uris count, since legitimate users repeat a handful of URLs while enumeration produces a new one per request.
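The detection logic above, run over access-log lines, as an added example that is not part of the page or of the plugin project. It parses Apache/Nginx combined-format lines, keeps only requests under the plugin prefixes (plugins/addressing/ and marketplace/addressing/, both assumptions), and flags any source IP that sends at least a threshold number of plugin requests inside a sliding time window, reporting the number of distinct URLs it used. The sample lines are constructed for the example, and the endpoint paths and the name= parameter in them are placeholders, not the plugin's real URLs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# Assumption: plugin URLs live under one of these prefixes (plugins/ for a
# classic install, marketplace/ for a GLPI 10 marketplace install).
PLUGIN_PREFIXES = ("/plugins/addressing/", "/marketplace/addressing/")


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": m["path"],
        "status": int(m["status"]),
        "ua": m["ua"],
    }


def is_plugin_request(path: str) -> bool:
    """True for any request whose path (query string ignored) targets the plugin."""
    return path.split("?", 1)[0].startswith(PLUGIN_PREFIXES)


def find_enumerators(lines, threshold: int = 20,
                     window: timedelta = timedelta(seconds=60)) -> Dict[str, Tuple[int, int]]:
    """Return {ip: (peak requests inside one window, distinct URLs)} for every IP
    that sent at least `threshold` plugin requests within `window`."""
    stamps: Dict[str, List[datetime]] = defaultdict(list)
    urls: Dict[str, set] = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and is_plugin_request(rec["path"]):
            stamps[rec["ip"]].append(rec["ts"])
            urls[rec["ip"]].add(rec["path"])
    flagged: Dict[str, Tuple[int, int]] = {}
    for ip, times in stamps.items():
        times.sort()
        peak, start = 0, 0
        for end, t in enumerate(times):           # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = (peak, len(urls[ip]))
    return flagged


# --- constructed sample traffic (not real log data) -------------------------
_BASE = datetime(2024, 12, 10, 14, 0, 0, tzinfo=timezone.utc)


def _line(ip: str, offset_s: int, path: str, ua: str = "Mozilla/5.0") -> str:
    ts = (_BASE + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'


# Endpoint paths and the name= parameter below are placeholders, not the plugin's real URLs.
SAMPLE_LINES = (
    [_line("203.0.113.5", i, f"/plugins/addressing/ajax/lookup.php?name=srv-{i:03d}",
           ua="python-requests/2.31") for i in range(25)]          # scripted enumeration
    + [_line("198.51.100.7", 10 * i, "/plugins/addressing/front/index.php")
       for i in range(3)]                                           # ordinary user
    + [_line("198.51.100.7", 5, "/front/central.php")]              # not a plugin request
)

if __name__ == "__main__":
    for ip, (peak, distinct) in find_enumerators(SAMPLE_LINES).items():
        print(f"{ip}: {peak} plugin requests in 60s, {distinct} distinct URLs")
```

On the sample only 203.0.113.5 is flagged: 25 plugin requests in under a minute, each with a different URL, while 198.51.100.7 stays below the threshold and repeats one URL. Feed real lines with `find_enumerators(open("access.log"))` and tune `threshold` and `window` to the baseline of your own GLPI users before alerting.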