Unrated severityNVD Advisory· Published Sep 14, 2022· Updated Apr 23, 2025

Blind Server-Side Request Forgery (SSRF) in GLPI

CVE-2022-36112

Description

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subject to SSRF exploit. Server-side requests can be used to scan server port or services opened on GLPI server or its private network. Queries responses are not exposed to end-user (blind SSRF). Users are advised to upgrade to version 10.0.3 to resolve this issue. There are no known workarounds.

Affected products

Glpi Project/Glpiv5
Range: < 10.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/glpi-project/glpi/commit/ad66d69049ae02bead8ed0f4ee654a458643244emitrex_refsource_MISC
github.com/glpi-project/glpi/security/advisories/GHSA-rqgx-gqhp-x8vvmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000