QSearchQSearch

CVE-2021-39211

5.3 MEDIUM

GLPI is a free Asset and IT management software package

Published: 2021-09-15 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
CWE-200

Affected products

VendorProduct
glpi-projectglpi

Description

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-32312 GLPI is a free asset and IT management software package (4.3 MEDIUM)
  • CVE-2021-39213 GLPI is a free Asset and IT management software package (6.8 MEDIUM)
  • CVE-2021-39210 GLPI is a free Asset and IT management software package (6.5 MEDIUM)
  • CVE-2021-39209 GLPI is a free Asset and IT management software package (8.8 HIGH)
  • CVE-2021-3486 GLPi 9.5.4 does not sanitize the metadata (6.1 MEDIUM)

Same CWE

  • CVE-2026-12117 Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to ...
  • CVE-2026-12320 Information disclosure in the Password Manager component (4.3 MEDIUM)
  • CVE-2026-12311 Information disclosure, sandbox escape in the Security: Process Sandboxing component (4.7 MEDIUM)
  • CVE-2026-50870 An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensi... (7.5 HIGH)
  • CVE-2026-39007 An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export ... (7.5 HIGH)