Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-34254

Published: 23/06/2023 Updated: 05/07/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.

Vulnerable Product Search on Vulmon Subscribe to Product

glpi-project glpi agent

References

CWE-78https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-39vc-hxgm-j465https://github.com/glpi-project/glpi-agent/blob/dd313ee0914becf74c0e48cb512765210043b478/Changes#L98https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scriptingCVE-2024-5158XML external entityCVE-2024-4262CVE-2024-2036CVE-2024-4985CVE-2024-21791remote attackersCVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook