37 matches found
CVE-2024-28241 GlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...
CVE-2024-28240
GLPI-Agent (Windows MSI install) is affected by CVE-2024-28240. A local user can cause denial of service by replacing the GLPI server URL or disabling the agent service, and if the Deploy task is installed, can trigger privilege escalation by configuring a malicious server with its own deploy tas...
CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...
CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...
CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...
PT-2024-22356 · Unknown +1 · Glpi Agent +1
Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.7.2 Description: A local user can modify the GLPI-Agent code or used DLLs to modify agent logic and potentially gain higher privileges. Recommendations: For versions prior to 1.7.2, upgrade to GLPI-Agent 1.7.2 t...
GLPI 安全漏洞
GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner...
PT-2024-4812 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: GLPI-Agent versions prior to 1.7.2 Description: A vulnerability in the GLPI-Agent, specifically affecting installations on Windows via MSI packaging, allows a local user to cause a denial of service by replacing the GLPI server URL with an...
CVE-2023-34254
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
Design/Logic Flaw
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
CVE-2023-34254
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
UBUNTU-CVE-2023-34254
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
CVE-2023-34254 Remote inventory task command injection when using ssh command mode
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
CVE-2023-34254 Remote inventory task command injection when using ssh command mode
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
CVE-2023-34254
The CVE-2023-34254 issue affects GLPI Agent (pre-1.5) where, during a remoteinventory task over SSH on Unix, an remote administrator could inject commands into the agent’s workflow, potentially gaining high privileges on the host and exposing configured remote access. Root cause is input/command ...
CVE-2023-34254 Remote inventory task command injection when using ssh command mode
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...
GLPI 操作系统命令注入漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...