What is CVE-2021-39210?

CVE-2021-39210 is a medium-severity vulnerability in Glpi-project Glpi, classified under Sensitive Cookie Without 'HttpOnly' Flag. CVSS score: 6.5/10. Published 2021-09-15.

How severe is CVE-2021-39210?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Glpi-project Glpi

CVE-2021-39210

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal t…

EPSS: 0.003 (50.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Glpi-project Glpi — versions < 9.5.6

Weakness classification (CWE)

CWE-1004 — Sensitive Cookie Without 'HttpOnly' Flag

References

github.com/glpi-project/glpi/releases/tag/9.5.6 (x_refsource_MISC)
github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2 (x_refsource_CONFIRM)
huntr.dev/bounties/b2e99a41-b904-419f-a274-ae383e4925f2/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-39210?: CVE-2021-39210 is a medium-severity vulnerability in Glpi-project Glpi, classified under Sensitive Cookie Without 'HttpOnly' Flag. CVSS score: 6.5/10. Published 2021-09-15.
How severe is CVE-2021-39210?: Medium severity. CVSS v3 base score is 6.5 out of 10.