UBUNTU-CVE-2021-43779

Source
https://ubuntu.com/security/CVE-2021-43779
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-43779.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-43779
Related
Published
2022-01-05T19:15:00Z
Modified
2025-06-02T17:13:08Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H CVSS Calculator
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.

References

Affected packages

Ubuntu:Pro:16.04:LTS / glpi

Package

Name
glpi
Purl
pkg:deb/ubuntu/glpi@0.84.8+dfsg.1-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.84.8+dfsg.1-1
0.84.8+dfsg.1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}