28. 03. 2024 Valentina Da Rold Bug Fixes, NetEye

NetEye 4 – Security Advisory

Important: GLPI Security Update

Type/Severity

Security Advisory: High

Topic

An update for the package glpi is now available for NetEye 4.

NetEye Product Security has rated this update as having a security impact of High. Common Vulnerability Scoring System (CVSS) base scores provide additional guidance about a vulnerability, and give a detailed severity rating.

Description

GLPI was affected by:

  • [High] SQL Injection in through the search engine (CVE-2024-27096)
  • [Moderate] Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098)
  • [Moderate] Stored XSS in dashboards (CVE-2024-27104)
  • [Moderate] Reflected XSS in debug mode (CVE-2024-27914)
  • [Moderate] Sensitive fields access through dropdowns (CVE-2024-27930)
  • [Moderate] Users emails enumeration (CVE-2024-27937)

Security Fixes for NetEye 4.34:

  • glpi-10.0.14_neteye1.15.0-1
  • glpi-autosetup-10.0.14_neteye1.15.0-1
  • glpi-neteye-config-10.0.14_neteye1.15.0-1
  • php-neteye-config-1.3.0-1

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the links listed below in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section in the User Guide.

Affected Products

All NetEye 4.x versions before and including 4.34.

References

Valentina Da Rold

Valentina Da Rold

Hi, I'm Valentina and I'm a Frontend Developer at Wuerth Phoenix. I started out my career applying my Cryptography skills to coding, but really quickly fell in love with the web. I have been making websites and applications since 2012 and I still can't get enough of it. Along the way I found a passion for front-end development, and I use this passion to create interfaces that solve problems. When I'm not creating beautiful solutions, I enjoy cooking or doing sport, while listening to beautiful music.

Author

Valentina Da Rold

Hi, I'm Valentina and I'm a Frontend Developer at Wuerth Phoenix. I started out my career applying my Cryptography skills to coding, but really quickly fell in love with the web. I have been making websites and applications since 2012 and I still can't get enough of it. Along the way I found a passion for front-end development, and I use this passion to create interfaces that solve problems. When I'm not creating beautiful solutions, I enjoy cooking or doing sport, while listening to beautiful music.

Latest posts by Valentina Da Rold

07. 02. 2024 Bug Fixes, NetEye
Bug Fixes for NetEye 4.34
19. 12. 2023 Development, Events, NetEye
We spent a (Vue)day in Verona
18. 12. 2023 Bug Fixes, NetEye
Bug Fixes for NetEye 4.33
31. 10. 2023 Bug Fixes, NetEye
Bug Fixes for NetEye 4.32
25. 10. 2023 Bug Fixes, NetEye
Bug Fixes for NetEye 4.32
See All

Related Content

Tags:

17. 04. 2024 Bug Fixes, NetEye

NetEye 4 – Security Advisory

Synopsis Important: geomap security update Type/Severity Security Advisory: High Topic An update for the package geomap is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of High. Common Vulnerability Scoring System Read More
17. 04. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.35

Resolved an issue in the NetEye Alyvix module where the dashboard's loading state would persist indefinitely if no nodes were configured. Furthermore we fixed a bug where Monitoring Objects could not be created over the live-creation if its name contained Read More
15. 03. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We resolved a bug in the NetEye PDF exporting module that causes the reporting scheduler to stop working. Updated packages We updated the following packages: icingaweb2-module-pdfexport and icingaweb2-module-pdfexport-autosetup to version 0.10.2_neteye0.4.1-2.
12. 03. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We resolved a bug in the NetEye Satellite installation and update procedures that previously resulted in an error when the Elastic Agent package was manually installed on the Satellite. Updated packages We updated the following packages: elastic-agent, elastic-agent-autosetup, elastic-agent-neteye-config, elastic-stack-configurator, elasticsearch, elasticsearch-autosetup, elasticsearch-neteye-config, elasticsearch-xpack-license, filebeat, filebeat-autosetup, filebeat-neteye-config, kibana, kibana-autosetup, kibana-neteye-config, logstash, logstash-autosetup, logstash-neteye-config, logstash-neteye-config-autosetup to version 8.11.3_neteye3.58.5-1
27. 02. 2024 Bug Fixes, NetEye

Bug Fixes for NetEye 4.34

We fixed a bug in the Elasticsearch installation and update procedures for which customizations of the Elasticsearch node name, if performed, were not taken into account by the built-in procedures and would lead to a failure. Updated packages We updated Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive