Learn about CVE-2023-28838 involving GLPI software. Vulnerability allows SQL injection, leading to data theft and server compromise. Mitigation steps provided.
This CVE involves a vulnerability in GLPI software that allows for SQL injection through dynamic reports, potentially leading to critical consequences for affected systems.
Understanding CVE-2023-28838
This section will provide insight into what CVE-2023-28838 entails, its impact, technical details, and mitigation measures.
What is CVE-2023-28838?
GLPI is a free asset and IT management software. The vulnerability in versions prior to 9.5.13 and 10.0.7 allows users with access rights to statistics or reports to extract all data from the database and, in certain scenarios, write a webshell on the server. Versions 9.5.13 and 10.0.7 have patches available to address this issue. As a temporary workaround, it is recommended to revoke the Assistance > Statistics and Tools > Reports read permissions from all users.
The Impact of CVE-2023-28838
The criticality of this CVE lies in the ability of authenticated users who only hold statistics or report access rights to exploit SQL injection to read sensitive data and, in certain scenarios, compromise the server by writing a webshell. This could lead to data theft, unauthorized access, and other severe consequences.
Technical Details of CVE-2023-28838
This section will delve into the specifics of the vulnerability, including its description, affected systems and versions, and the exploitation mechanism.
Vulnerability Description
The vulnerability, identified as CWE-89, involves improper neutralization of special SQL elements, allowing attackers to manipulate SQL queries and gain unauthorized access to the database.
Affected Systems and Versions
The vulnerable versions of the GLPI software range from 0.50 up to, but not including, 9.5.13, and from 10.0.0 up to, but not including, 10.0.7.
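An added example (not part of this advisory): a small check that tells whether a GLPI version string falls inside the affected ranges stated above. The range boundaries are taken from the page; the version parsing is a deliberate simplification that compares only the leading dotted numeric components.

```python
"""Check a GLPI version string against the ranges listed for CVE-2023-28838.

Added example, not part of the advisory. Affected ranges from the page:
0.50 up to (not including) 9.5.13, and 10.0.0 up to (not including) 10.0.7.
"""
import re
from typing import Tuple

# (first affected, first fixed) per release line; the upper bound is exclusive.
AFFECTED_RANGES = [
    ("0.50", "9.5.13"),
    ("10.0.0", "10.0.7"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.0.7', '9.5.13-rc1' or '0.50' into a comparable tuple of ints.

    Only the leading dotted numeric part is used; a suffix such as '-rc1' is
    ignored, a simplification that is good enough for the page's ranges.
    """
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(0).split("."))
    # Pad to three components so '9.5' compares like '9.5.0'.
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(version: str) -> bool:
    """True if this GLPI version lies inside one of the affected ranges."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample versions, including the boundary values.
    for sample in ["9.5.12", "9.5.13", "10.0.0", "10.0.6", "10.0.7", "0.50", "0.49"]:
        state = "affected, upgrade" if is_vulnerable(sample) else "not in affected range"
        print(f"GLPI {sample}: {state}")
```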
Exploitation Mechanism
By exploiting the SQL injection vulnerability through dynamic reports, attackers can execute malicious SQL queries to extract data or write webshells on the server, potentially leading to a complete compromise.
Mitigation and Prevention
In response to CVE-2023-28838, it is crucial to implement immediate steps and adopt long-term security practices to mitigate the risk and prevent potential exploits.
Immediate Steps to Take
Revoke the Assistance > Statistics and Tools > Reports read permissions from all users as a temporary workaround until the patched versions are deployed.
Long-Term Security Practices
Patching and Updates
Ensure that all GLPI instances are updated to versions 9.5.13 or 10.0.7 to apply the necessary patches and protect systems from potential exploitation of the SQL injection vulnerability.