The install/install.php endpoint insecurely stores user input into the database as url_base and url_base_api. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure Redirection
Impact
Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it’s possible to steal cookies, perform actions as the user, etc...
Patches
TODO
For more information
If you have any questions or comments about this advisory:
Email us at glpi-security@ow2.org
SchneiderSec Analyst
The
install/install.phpendpoint insecurely stores user input into the database asurl_baseandurl_base_api. These settings are referenced throughout the application and allow for vulnerabilities like Cross-Site Scripting and Insecure RedirectionImpact
Since authentication is not required to perform these changes,anyone could point these fields at malicious websites or form input in a way to trigger XSS. Leveraging JavaScript it’s possible to steal cookies, perform actions as the user, etc...
Patches
TODO
For more information
If you have any questions or comments about this advisory:
Email us at glpi-security@ow2.org