Vendor
Glances Cross-Origin Information Disclosure via Unauthenticated REST API
2 rules 3 TTPs 1 CVEGlances versions before 4.5.4 are vulnerable to cross-origin information disclosure, where a malicious website can retrieve sensitive system information from a running Glances instance due to a permissive CORS policy on the `/api/4/all` endpoint.
Glances IP Plugin SSRF Vulnerability Leading to Credential Leakage
3 rules 3 TTPs 1 IOCA server-side request forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation of the public_api configuration parameter, allowing attackers to force outbound HTTP requests and potentially leak credentials via the Authorization header.
Glances Command Injection Vulnerability via Dynamic Configuration
2 rules 2 TTPsGlances versions 4.5.2 and earlier are vulnerable to command injection via dynamic configuration values, allowing arbitrary command execution with the privileges of the Glances process if an attacker can modify or influence configuration files, potentially leading to privilege escalation.