Glances is an open-source, cross-platform system monitoring tool that exposes a REST API web server for remote monitoring and management. Prior to version 4.5.2, Glances' REST API was configured with a default Cross-Origin Resource Sharing (CORS) policy that set allow_origins to ["*"] while simultaneously enabling allow_credentials=True. According to the CORS specification, the wildcard "*" cannot be used in conjunction with credentials, as it would allow any website to send credentialed requests and access sensitive data. However, Starlette's CORSMiddleware, used by Glances, reflects the Origin header value back in the Access-Control-Allow-Origin response header instead of returning the literal "*". This behavior effectively permits any website to perform credentialed cross-origin requests to the Glances API. Consequently, an attacker can craft a malicious website that, when visited by a user with an active Glances session, can steal sensitive information such as system monitoring data, configuration secrets, and command line arguments. The vulnerability is classified under CWE-942 (Permissive Cross-domain Policy with Untrusted Domains). Exploitation requires no authentication but does require user interaction (visiting a malicious website). The vulnerability has a CVSS 3.1 base score of 8.1 (high severity), reflecting its potential for high confidentiality and integrity impact without affecting availability. The issue was addressed in Glances version 4.5.2 by correcting the CORS configuration to prevent credentialed requests from untrusted origins.

This vulnerability allows attackers to bypass same-origin policy protections and perform credentialed cross-origin requests to the Glances REST API. The impact includes unauthorized disclosure of sensitive system monitoring data, configuration secrets, and command line arguments, which could facilitate further attacks such as privilege escalation, lateral movement, or targeted exploitation of the monitored system. Organizations relying on Glances for system monitoring expose themselves to data theft risks if users access malicious websites while having active Glances sessions. The confidentiality and integrity of system data are at high risk, potentially leading to operational disruption or data breaches. Since the vulnerability does not affect availability, denial-of-service is not a primary concern. The ease of exploitation is moderate, requiring only user interaction via a browser. The scope includes all systems running vulnerable Glances versions with the REST API enabled and accessible to users. This threat is particularly critical in environments where Glances is used for monitoring sensitive or critical infrastructure.

1. Upgrade Glances to version 4.5.2 or later, where the CORS configuration issue is fixed. 2. If immediate upgrade is not possible, disable or restrict access to the Glances REST API from untrusted networks or browsers. 3. Implement network-level controls such as firewall rules or VPNs to limit API access to trusted clients only. 4. Review and harden CORS policies to avoid using allow_origins=["*"] with allow_credentials=True; specify explicit trusted origins instead. 5. Educate users about the risks of visiting untrusted websites while having active sessions with sensitive monitoring tools. 6. Monitor logs for unusual cross-origin requests or suspicious API access patterns. 7. Consider deploying Web Application Firewalls (WAFs) that can detect and block malicious cross-origin requests targeting the Glances API. 8. Conduct regular security assessments of monitoring tools and their configurations to detect similar misconfigurations.