CVE-2022-39262: CWE-83: Improper Neutralization of Script in Attributes in a Web Page in glpi-project glpi
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package. A GLPI administrator can define rich-text content to be displayed on the login page. The displayed content can contain malicious code that can be used to steal credentials. This issue has been patched; please upgrade to version 10.0.4.
AI Analysis
Technical Summary
CVE-2022-39262 is a medium-severity vulnerability affecting versions of GLPI (Gestionnaire Libre de Parc Informatique) prior to 10.0.4. GLPI is open-source IT asset management software widely used for managing IT infrastructure and services. The vulnerability is categorized under CWE-83, improper neutralization of script in attributes in a web page, which is a form of Cross-Site Scripting (XSS). Specifically, GLPI administrators can define rich-text content that is displayed on the login page. Because script content within HTML attributes (for example event-handler attributes or script-scheme URLs) is not sufficiently neutralized, an attacker with administrative privileges, or with any other means of writing to those rich-text fields, can embed malicious scripts. These scripts execute in the browsers of users visiting the login page, potentially leading to credential theft or session hijacking. No user interaction beyond visiting the login page is required, and no authentication is required to trigger the malicious script once it is embedded. However, exploitation requires the ability to inject or modify the rich-text content displayed on the login page, which typically implies some level of administrative access or compromise of a trusted user. The issue was publicly disclosed on November 3, 2022, and has been patched in GLPI version 10.0.4. There are no known exploits in the wild at this time. The vulnerability primarily impacts confidentiality and integrity by enabling credential theft and unauthorized access through script execution in a trusted context; availability impact is minimal or none. Given the role of GLPI as an IT management tool, exploitation could lead to broader compromise of IT infrastructure if attackers use stolen credentials or session tokens obtained via this vulnerability.
Potential Impact
For European organizations using GLPI versions prior to 10.0.4, this vulnerability poses a significant risk to the confidentiality of user credentials and the integrity of authentication processes. Since GLPI is often used to manage critical IT assets and services, successful exploitation could allow attackers to gain unauthorized access to IT management consoles, potentially leading to further lateral movement within organizational networks. This could result in data breaches, disruption of IT services, and exposure of sensitive operational information. The risk is particularly acute for organizations with large IT infrastructures relying on GLPI for asset management, including government agencies, healthcare providers, and large enterprises. The vulnerability could also undermine trust in IT service management processes and complicate compliance with data protection regulations such as GDPR if credential theft leads to unauthorized data access. Although no active exploits are known, the ease of injecting malicious scripts by an attacker with administrative access means that insider threats or compromised administrators could weaponize this vulnerability. The impact on availability is limited, but the potential for cascading security failures due to compromised credentials elevates the overall risk profile for affected organizations.
Mitigation Recommendations
1. Immediate upgrade to GLPI version 10.0.4 or later is the primary and most effective mitigation to remediate this vulnerability.
2. Restrict administrative access to GLPI to trusted personnel only and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of unauthorized content injection.
3. Implement a strict Content Security Policy (CSP) on the GLPI web server to limit the execution of inline scripts and reduce the impact of potential XSS attacks.
4. Regularly audit and monitor changes to the rich-text content displayed on the login page to detect unauthorized or suspicious modifications.
5. Conduct periodic security training for administrators to raise awareness about the risks of injecting untrusted content and the importance of applying security patches promptly.
6. Employ web application firewalls (WAF) with rules tailored to detect and block malicious script injections targeting GLPI interfaces.
7. Isolate GLPI servers within segmented network zones with limited access to reduce the blast radius in case of compromise.
8. Review and harden GLPI configuration settings to minimize exposure of administrative functions and sensitive data.
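The following is an added example, not GLPI's own code, showing what "neutralizing script in attributes" (CWE-83) and "auditing the login-page rich text" (recommendations 3 and 4) look like in practice. It walks an admin-supplied HTML fragment, records every attribute that could carry script (event handlers, `javascript:`/`data:` URL schemes, CSS `expression()`), and re-emits the fragment with those attributes removed. The sample fragment, the attribute lists, and the function names are assumptions constructed for this example; the check is deliberately conservative, so a finding is a signal to review the stored content, not proof of compromise.

```python
"""Audit and neutralize script-bearing attributes in admin-supplied rich text.

Added example (not GLPI's code). Models the CWE-83 pattern on this page: HTML
stored by an administrator is later rendered to unauthenticated login-page
visitors, so any attribute that can execute script must be stripped, and
changes to the stored content should be audited.
"""
import html
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple

# Attributes that carry a URL; a javascript:/vbscript:/data: scheme there executes code.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "background"}
# Elements without a closing tag in HTML; never emit </img> etc.
VOID_TAGS = {"br", "hr", "img", "input", "meta", "link", "area", "base",
             "col", "embed", "source", "wbr"}
# Browsers ignore control characters inside a scheme ("java\tscript:"), so strip them.
_CTRL = re.compile(r"[\x00-\x20]")


def _normalized_scheme(value: str) -> str:
    """Lower-case URL scheme after entity decoding and control-character removal."""
    cleaned = _CTRL.sub("", html.unescape(value)).lower()
    scheme, sep, _ = cleaned.partition(":")
    return scheme if sep else ""


def is_script_attr(name: str, value: Optional[str]) -> Optional[str]:
    """Return a reason string if (name, value) can execute script, else None."""
    name = name.lower()
    if name.startswith("on"):
        return f"event handler attribute {name}"
    if name in URL_ATTRS and value is not None:
        scheme = _normalized_scheme(value)
        if scheme in ("javascript", "vbscript", "data"):
            return f"{name} uses {scheme}: scheme"
    if name == "style" and value is not None and "expression(" in html.unescape(value).lower():
        return "style attribute with expression()"
    return None


class AttrNeutralizer(HTMLParser):
    """Re-emit HTML, dropping attributes flagged by is_script_attr, and log findings."""

    def __init__(self) -> None:
        # convert_charrefs=False keeps entities such as &lt; encoded in text nodes,
        # so re-emitting data never turns "&lt;script&gt;" back into a live tag.
        super().__init__(convert_charrefs=False)
        self.out: List[str] = []
        self.findings: List[Tuple[str, str, str]] = []  # (tag, attribute, reason)

    def _emit_tag(self, tag, attrs, self_closing: bool) -> None:
        kept = []
        for name, value in attrs:  # html.parser hands us decoded attribute values
            reason = is_script_attr(name, value)
            if reason:
                self.findings.append((tag, name.lower(), reason))
                continue
            kept.append(name if value is None else f'{name}="{html.escape(value, quote=True)}"')
        attr_text = (" " + " ".join(kept)) if kept else ""
        self.out.append(f"<{tag}{attr_text}{' /' if self_closing else ''}>")

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, True)

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")
    # Comments and declarations are not re-emitted: the parser drops them by default.


def neutralize(fragment: str) -> Tuple[str, List[Tuple[str, str, str]]]:
    """Return (cleaned_html, findings) for one stored rich-text fragment."""
    parser = AttrNeutralizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.findings


# Constructed sample of what a stored login-page fragment might contain.
SAMPLE = (
    '<p class="welcome">Welcome to <b>IT Support</b></p>'
    '<a href="JaVaScRiPt:void(0)">help</a>'
    '<img src="/logo.png" onerror="steal()" alt="logo">'
    '<a href="https://intranet.example/policy">policy</a>'
)

if __name__ == "__main__":
    cleaned, findings = neutralize(SAMPLE)
    for tag, attr, reason in findings:  # audit output for recommendation 4
        print(f"FINDING: <{tag}> {reason}")
    print(cleaned)
```

Running it on the constructed sample reports two findings (the `javascript:` link and the `onerror` handler) and prints the fragment with exactly those attributes removed, while the harmless `class`, `src`, `alt` and `https:` attributes survive. The same `neutralize` call can be run on a schedule against the stored content to diff findings over time; in production, an allow-list sanitizer that also restricts element names is preferable to the attribute-only check shown here.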
Affected Countries
France, Germany, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-09-02T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9849c4522896dcbf6c41
Added to database: 5/21/2025, 9:09:29 AM
Last enriched: 6/21/2025, 9:37:48 PM
Last updated: 8/4/2025, 12:32:08 AM
Views: 14
Related Threats
- CVE-2025-8859: Unrestricted Upload in code-projects eBlog Site (Medium)
- CVE-2025-8865: CWE-476 NULL Pointer Dereference in YugabyteDB Inc YugabyteDB (Medium)
- CVE-2025-8852: Information Exposure Through Error Message in WuKongOpenSource WukongCRM (Medium)
- CVE-2025-8864: CWE-532 Insertion of Sensitive Information into Log File in YugabyteDB Inc YugabyteDB Anywhere (Medium)
- CVE-2025-8851: Stack-based Buffer Overflow in LibTIFF (Medium)