28. 03. 2024 Valentina Da Rold Bug Fixes, NetEye

NetEye 4 – Security Advisory

Important: GLPI Security Update

Type/Severity

Security Advisory: High

Topic

An update for the package glpi is now available for NetEye 4.

NetEye Product Security has rated this update as having a security impact of High. Common Vulnerability Scoring System (CVSS) base scores provide additional guidance about a vulnerability, and give a detailed severity rating.

Description

GLPI was affected by:

  • [High] SQL Injection in through the search engine (CVE-2024-27096)
  • [Moderate] Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098)
  • [Moderate] Stored XSS in dashboards (CVE-2024-27104)
  • [Moderate] Reflected XSS in debug mode (CVE-2024-27914)
  • [Moderate] Sensitive fields access through dropdowns (CVE-2024-27930)
  • [Moderate] Users emails enumeration (CVE-2024-27937)

Security Fixes for NetEye 4.34:

  • glpi-10.0.14_neteye1.15.0-1
  • glpi-autosetup-10.0.14_neteye1.15.0-1
  • glpi-neteye-config-10.0.14_neteye1.15.0-1
  • php-neteye-config-1.3.0-1

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the links listed below in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.

Affected Products

All NetEye 4.x versions before and including 4.34.

References

Valentina Da Rold

Valentina Da Rold

Hi, I'm Valentina and I'm a Frontend Developer at Wuerth Phoenix. I started out my career applying my Cryptography skills to coding, but really quickly fell in love with the web. I have been making websites and applications since 2012 and I still can't get enough of it. Along the way I found a passion for front-end development, and I use this passion to create interfaces that solve problems. When I'm not creating beautiful solutions, I enjoy cooking or doing sport, while listening to beautiful music.

Author

Valentina Da Rold

Hi, I'm Valentina and I'm a Frontend Developer at Wuerth Phoenix. I started out my career applying my Cryptography skills to coding, but really quickly fell in love with the web. I have been making websites and applications since 2012 and I still can't get enough of it. Along the way I found a passion for front-end development, and I use this passion to create interfaces that solve problems. When I'm not creating beautiful solutions, I enjoy cooking or doing sport, while listening to beautiful music.

Latest posts by Valentina Da Rold

26. 11. 2024 Atlassian, Development, UI
How to Customize Your Barcode Scanning App (Part 2)
26. 11. 2024 Atlassian, Development, UI, UX
How to Customize Your Barcode Scanning App (Part 1)
14. 11. 2024 Atlassian, Service Management
Take Control of Your Assets from Anywhere with Just a Wave of Your Hand!
03. 05. 2024 Development
Exploring Tailwind CSS: A Game-Changer in Frontend Development
07. 02. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.34
See All

Related Content

Tags:

20. 12. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.39

We fixed a bug which was causing the Elasticsearch upgrade procedure to fail in a race condition. In particular, after the upgrade of the Elasticsearch RPM and before the restart of the service, the running Elasticsearch service could possibly fail Read More
20. 12. 2024 Automation, Development, NetEye

When Less is More: NetEye Update and Upgrade Checkpoints

Hello everyone! Today, I'd like to briefly discuss an improvement to the update and upgrade procedures that we've started to adopt with NetEye 4.39! What we wanted to improve One aspect that made quite an impact was that whenever the Read More
19. 12. 2024 Automation, Development, NetEye

NetEye Install and Upgrades: Moving to a Parallel Architecture

Hello everyone! Today, I’d like to share an exciting improvement we’ve made to the installation and upgrade procedures in NetEye, introducing a faster and more efficient parallel architecture! Why Modernize the Installation and Upgrade Processes? At Würth Phoenix, we strive Read More
06. 12. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.37+

After the previous release of an Icinga2 bugfix for a race-condition during the shutdown, some issues with the connection to satellite nodes emerged. This bugfix release is a cleanup we worked on in cooperation with Icinga2 to address those issues. Read More
05. 12. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.38

We fixed an issue related to the upgrade path from 4.37 to 4.38, where the upgrade could have blocked at the secure install phase due to the missing retrieval of upgrade checkpoints. We updated the following packages: neteye-upgrade-manager to version Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive