Glances is an open-source, cross-platform system monitoring tool. The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated exposure of configuration secrets on the /api/v4/config endpoints by introducing as_dict_secure() redaction. However, that fix did not cover the /api/v4/args and /api/v4/args/{item} endpoints. These endpoints return the complete command-line arguments namespace via vars(self.args), which includes the password hash (salt + pbkdf2_hmac), SNMP community strings, SNMP authentication keys, and the configuration file path. When Glances runs without --password (the default), these endpoints are accessible without any authentication. Version 4.5.2 provides a more complete fix.
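The difference between returning vars(self.args) as-is and returning a redacted view, shown as an added example that is not Glances code and not the project's actual fix. The argument names in SENSITIVE_KEYS, the function names and the sample namespace are assumptions constructed for illustration.

```python
import argparse

# Assumed sensitive argument names (constructed for this example; check them
# against the argparse destinations of the Glances version you run).
SENSITIVE_KEYS = {"password", "snmp_community", "snmp_user", "snmp_auth", "conf_file"}
REDACTED = "********"


def args_unsafe(args):
    """The pattern the advisory describes: the whole namespace is returned."""
    return vars(args)


def args_secure(args, sensitive=SENSITIVE_KEYS):
    """Return a copy of the namespace with sensitive values masked.

    Unset values (None or "") are left alone so a client can still tell that
    an option was not configured.
    """
    out = {}
    for key, value in vars(args).items():
        masked = key in sensitive and value not in (None, "")
        out[key] = REDACTED if masked else value
    return out


def arg_item_secure(args, item, sensitive=SENSITIVE_KEYS):
    """Single-item lookup (the /args/{item} case) through the same filter."""
    redacted = args_secure(args, sensitive)
    if item not in redacted:
        raise KeyError(item)
    return {item: redacted[item]}


def leaked_keys(response, sensitive=SENSITIVE_KEYS):
    """Audit helper: sensitive keys whose real value appears in a response."""
    return sorted(k for k, v in response.items()
                  if k in sensitive and v not in (None, "", REDACTED))


# Constructed sample namespace, not taken from a real deployment.
SAMPLE = argparse.Namespace(
    password="salt$hash-placeholder",
    snmp_community="community-placeholder",
    snmp_auth=None,
    conf_file="/path/placeholder/glances.conf",
    port=61208,
)
```

leaked_keys() can also be run over the parsed JSON body of an args response from your own instance to confirm that an upgrade removed the exposure.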
Package versions listed: 3.1.5-1, 3.2.3.1+dfsg-1, 3.2.4.2+dfsg-1, 3.4.0.3+dfsg-1, 4.3.0.8+dfsg-1, 4.3.1+dfsg-1, 2.3-1build1, 2.3-1ubuntu0.1~esm1, 2.10-2, 2.11.1-1, 2.11.1-2, 2.11.1-3, 2.11.1-3ubuntu0.1~esm1, 3.1.0-1, 3.1.1-1, 3.1.3-1, 3.1.3-1ubuntu0.1~esm1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: AV:N, AC:L, PR:N, UI:N
Scope: S:U
Impact: C:H, I:N, A:N