CVE: CVE-2022-24867

Export to Word

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. When you pass the config to the javascript, some entries are filtered out. The variable ldap_pass is not filtered and when you look at the source code of the rendered page, we can see the password for the root dn. Users are advised to upgrade. There is no known workaround for this issue.

Threat-Mapped Scoring

Score: 3.25

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information
S9 – Sabotage of System/App (+0.25 bonus)

EPSS

Score: 0.00342
Percentile: 0.56155

CVSS Scoring

CVSS v3.1 Score: 7.5

Severity: HIGH

Mapped CWE(s)

CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor
CWE-522 : Insufficiently Protected Credentials

All CAPEC(s)

CAPEC-102: Session Sidejacking
CAPEC-116: Excavation
CAPEC-13: Subverting Environment Variable Values
CAPEC-169: Footprinting
CAPEC-22: Exploiting Trust in Client
CAPEC-224: Fingerprinting
CAPEC-285: ICMP Echo Request Ping
CAPEC-287: TCP SYN Scan
CAPEC-290: Enumerate Mail Exchange (MX) Records
CAPEC-291: DNS Zone Transfers
CAPEC-292: Host Discovery
CAPEC-293: Traceroute Route Enumeration
CAPEC-294: ICMP Address Mask Request
CAPEC-295: Timestamp Request
CAPEC-296: ICMP Information Request
CAPEC-297: TCP ACK Ping
CAPEC-298: UDP Ping
CAPEC-299: TCP SYN Ping
CAPEC-300: Port Scanning
CAPEC-301: TCP Connect Scan
CAPEC-302: TCP FIN Scan
CAPEC-303: TCP Xmas Scan
CAPEC-304: TCP Null Scan
CAPEC-305: TCP ACK Scan
CAPEC-306: TCP Window Scan
CAPEC-307: TCP RPC Scan
CAPEC-308: UDP Scan
CAPEC-309: Network Topology Mapping
CAPEC-310: Scanning for Vulnerable Software
CAPEC-312: Active OS Fingerprinting
CAPEC-313: Passive OS Fingerprinting
CAPEC-317: IP ID Sequencing Probe
CAPEC-318: IP 'ID' Echoed Byte-Order Probe
CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe
CAPEC-320: TCP Timestamp Probe
CAPEC-321: TCP Sequence Number Probe
CAPEC-322: TCP (ISN) Greatest Common Divisor Probe
CAPEC-323: TCP (ISN) Counter Rate Probe
CAPEC-324: TCP (ISN) Sequence Predictability Probe
CAPEC-325: TCP Congestion Control Flag (ECN) Probe
CAPEC-326: TCP Initial Window Size Probe
CAPEC-327: TCP Options Probe
CAPEC-328: TCP 'RST' Flag Checksum Probe
CAPEC-329: ICMP Error Message Quoting Probe
CAPEC-330: ICMP Error Message Echoing Integrity Probe
CAPEC-472: Browser Fingerprinting
CAPEC-474: Signature Spoofing by Key Theft
CAPEC-497: File Discovery
CAPEC-50: Password Recovery Exploitation
CAPEC-508: Shoulder Surfing
CAPEC-509: Kerberoasting
CAPEC-551: Modify Existing Service
CAPEC-555: Remote Services with Stolen Credentials
CAPEC-560: Use of Known Domain Credentials
CAPEC-561: Windows Admin Shares with Stolen Credentials
CAPEC-573: Process Footprinting
CAPEC-574: Services Footprinting
CAPEC-575: Account Footprinting
CAPEC-576: Group Permission Footprinting
CAPEC-577: Owner Footprinting
CAPEC-59: Session Credential Falsification through Prediction
CAPEC-60: Reusing Session IDs (aka Session Replay)
CAPEC-600: Credential Stuffing
CAPEC-616: Establish Rogue Location
CAPEC-643: Identify Shared Files/Directories on System
CAPEC-644: Use of Captured Hashes (Pass The Hash)
CAPEC-645: Use of Captured Tickets (Pass The Ticket)
CAPEC-646: Peripheral Footprinting
CAPEC-651: Eavesdropping
CAPEC-652: Use of Known Kerberos Credentials
CAPEC-653: Use of Known Operating System Credentials
CAPEC-79: Using Slashes in Alternate Encoding

CAPEC(s) with Mapped TTPs

CAPEC-13: Subverting Environment Variable Values
Mapped TTPs:
- T1562.003 : Impair Command History Logging
- T1574.006 : Dynamic Linker Hijacking
- T1574.007 : Path Interception by PATH Environment Variable
CAPEC-169: Footprinting
Mapped TTPs:
- T1217 : Browser Information Discovery
- T1592 : Gather Victim Host Information
- T1595 : Active Scanning
CAPEC-292: Host Discovery
Mapped TTPs:
- T1018 : Remote System Discovery
CAPEC-295: Timestamp Request
Mapped TTPs:
- T1124 : System Time Discovery
CAPEC-300: Port Scanning
Mapped TTPs:
- T1046 : Network Service Discovery
CAPEC-309: Network Topology Mapping
Mapped TTPs:
- T1016 : System Network Configuration Discovery
- T1049 : System Network Connections Discovery
- T1590 : Gather Victim Network Information
CAPEC-312: Active OS Fingerprinting
Mapped TTPs:
- T1082 : System Information Discovery
CAPEC-313: Passive OS Fingerprinting
Mapped TTPs:
- T1082 : System Information Discovery
CAPEC-474: Signature Spoofing by Key Theft
Mapped TTPs:
- T1552.004 : Private Keys
CAPEC-497: File Discovery
Mapped TTPs:
- T1083 : File and Directory Discovery
CAPEC-509: Kerberoasting
Mapped TTPs:
- T1558.003 : Kerberoasting
CAPEC-551: Modify Existing Service
Mapped TTPs:
- T1543 : Create or Modify System Process
CAPEC-555: Remote Services with Stolen Credentials
Mapped TTPs:
- T1021 : Remote Services
- T1114.002 : Remote Email Collection
- T1133 : External Remote Services
CAPEC-560: Use of Known Domain Credentials
Mapped TTPs:
- T1078 : Valid Accounts
CAPEC-561: Windows Admin Shares with Stolen Credentials
Mapped TTPs:
- T1021.002 : SMB/Windows Admin Shares
CAPEC-573: Process Footprinting
Mapped TTPs:
- T1057 : Process Discovery
CAPEC-574: Services Footprinting
Mapped TTPs:
- T1007 : System Service Discovery
CAPEC-575: Account Footprinting
Mapped TTPs:
- T1087 : Account Discovery
CAPEC-576: Group Permission Footprinting
Mapped TTPs:
- T1069 : Permission Groups Discovery
- T1615 : Group Policy Discovery
CAPEC-577: Owner Footprinting
Mapped TTPs:
- T1033 : System Owner/User Discovery
CAPEC-60: Reusing Session IDs (aka Session Replay)
Mapped TTPs:
- T1134.001 : Token Impersonation/Theft
- T1550.004 : Web Session Cookie
CAPEC-600: Credential Stuffing
Mapped TTPs:
- T1110.004 : Credential Stuffing
CAPEC-616: Establish Rogue Location
Mapped TTPs:
- T1036.005 : Match Legitimate Resource Name or Location
CAPEC-643: Identify Shared Files/Directories on System
Mapped TTPs:
- T1135 : Network Share Discovery
CAPEC-644: Use of Captured Hashes (Pass The Hash)
Mapped TTPs:
- T1550.002 : Pass the Hash
CAPEC-645: Use of Captured Tickets (Pass The Ticket)
Mapped TTPs:
- T1550.003 : Pass the Ticket
CAPEC-646: Peripheral Footprinting
Mapped TTPs:
- T1120 : Peripheral Device Discovery
CAPEC-651: Eavesdropping
Mapped TTPs:
- T1111 : Multi-Factor Authentication Interception
CAPEC-652: Use of Known Kerberos Credentials
Mapped TTPs:
- T1558 : Steal or Forge Kerberos Tickets

Mapped ATT&CK TTPs

T1562.003 : Impair Command History Logging
Kill Chain: defense-evasion
T1574.006 : Dynamic Linker Hijacking
Kill Chain: persistence
T1574.007 : Path Interception by PATH Environment Variable
Kill Chain: persistence
T1217 : Browser Information Discovery
Kill Chain: discovery
T1592 : Gather Victim Host Information
Kill Chain: reconnaissance
T1595 : Active Scanning
Kill Chain: reconnaissance
T1018 : Remote System Discovery
Kill Chain: discovery
T1124 : System Time Discovery
Kill Chain: discovery
T1046 : Network Service Discovery
Kill Chain: discovery
T1016 : System Network Configuration Discovery
Kill Chain: discovery
T1049 : System Network Connections Discovery
Kill Chain: discovery
T1590 : Gather Victim Network Information
Kill Chain: reconnaissance
T1082 : System Information Discovery
Kill Chain: discovery
T1082 : System Information Discovery
Kill Chain: discovery
T1552.004 : Private Keys
Kill Chain: credential-access
T1083 : File and Directory Discovery
Kill Chain: discovery
T1558.003 : Kerberoasting
Kill Chain: credential-access
T1543 : Create or Modify System Process
Kill Chain: persistence
T1021 : Remote Services
Kill Chain: lateral-movement
T1114.002 : Remote Email Collection
Kill Chain: collection
T1133 : External Remote Services
Kill Chain: persistence
T1078 : Valid Accounts
Kill Chain: defense-evasion
T1021.002 : SMB/Windows Admin Shares
Kill Chain: lateral-movement
T1057 : Process Discovery
Kill Chain: discovery
T1007 : System Service Discovery
Kill Chain: discovery
T1087 : Account Discovery
Kill Chain: discovery
T1069 : Permission Groups Discovery
Kill Chain: discovery
T1615 : Group Policy Discovery
Kill Chain: discovery
T1033 : System Owner/User Discovery
Kill Chain: discovery
T1134.001 : Token Impersonation/Theft
Kill Chain: defense-evasion
T1550.004 : Web Session Cookie
Kill Chain: defense-evasion
T1110.004 : Credential Stuffing
Kill Chain: credential-access
T1036.005 : Match Legitimate Resource Name or Location
Kill Chain: defense-evasion
T1135 : Network Share Discovery
Kill Chain: discovery
T1550.002 : Pass the Hash
Kill Chain: defense-evasion
T1550.003 : Pass the Ticket
Kill Chain: defense-evasion
T1120 : Peripheral Device Discovery
Kill Chain: discovery
T1111 : Multi-Factor Authentication Interception
Kill Chain: credential-access
T1558 : Steal or Forge Kerberos Tickets
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

C0027
Operation Wocao
FunnyDream
ArcaneDoor
SolarWinds Compromise
Operation CuckooBees
Juicy Mix
CostaRicto
Operation Honeybee
2016 Ukraine Electric Power Attack
RedDelta Modified PlugX Infection Chain Operations
2015 Ukraine Electric Power Attack
C0018
Operation Dream Job
C0015
Frankenstein
Outer Space
APT28 Nearest Neighbor Campaign
Night Dragon
Leviathan Australian Intrusions
ShadowRay
Operation MidnightEclipse
C0032
HomeLand Justice
C0017
Operation Sharpshooter
Cutting Edge
J-magic Campaign
Triton Safety Instrumented System Attack
KV Botnet Activity

Affected Products

cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*

← Back to Home