Impact
Use of RSS feeds or an external calendar in planning is subject to SSRF exploitation.
Server-side requests can be used to scan ports or services open on the GLPI server or its private network.
Query responses are not exposed to the end user (blind SSRF).
For more information
If you have any questions or comments about this advisory:
mail us at [email protected]