Lucene search
K

37 matches found

Vulnrichment
Vulnrichment
added 2024/04/25 4:44 p.m.18 views

CVE-2024-28241 GlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder

The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...

7.3CVSS6.9AI score0.00217EPSS
Exploits0References2
CVE
CVE
added 2024/04/25 4:37 p.m.77 views

CVE-2024-28240

GLPI-Agent (Windows MSI install) is affected by CVE-2024-28240. A local user can cause denial of service by replacing the GLPI server URL or disabling the agent service, and if the Deploy task is installed, can trigger privilege escalation by configuring a malicious server with its own deploy tas...

7.8CVSS6.9AI score0.00224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/04/25 4:37 p.m.50 views

CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...

7.3CVSS7.4AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2024/04/25 4:37 p.m.39 views

CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...

7.3CVSS7.4AI score0.00224EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/25 4:37 p.m.22 views

CVE-2024-28240 GLPI-Agent's MSI package installation permits local users to change Agent configuration

The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy ta...

7.3CVSS7AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.8 views

PT-2024-22356 · Unknown +1 · Glpi Agent +1

Name of the Vulnerable Software and Affected Versions: GLPI Agent versions prior to 1.7.2 Description: A local user can modify the GLPI-Agent code or used DLLs to modify agent logic and potentially gain higher privileges. Recommendations: For versions prior to 1.7.2, upgrade to GLPI-Agent 1.7.2 t...

7.8CVSS7.3AI score0.00217EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.6 views

GLPI 安全漏洞

GLPI is an open source IT and asset management software from an individual developer. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner...

7.8CVSS6.4AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.10 views

PT-2024-4812 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: GLPI-Agent versions prior to 1.7.2 Description: A vulnerability in the GLPI-Agent, specifically affecting installations on Windows via MSI packaging, allows a local user to cause a denial of service by replacing the GLPI server URL with an...

7.8CVSS7.2AI score0.00224EPSS
Exploits0References8
NVD
NVD
added 2023/06/23 9:15 p.m.18 views

CVE-2023-34254

The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...

7.6CVSS7.6AI score0.00799EPSS
Exploits0References2
Prion
Prion
added 2023/06/23 9:15 p.m.19 views

Design/Logic Flaw

The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...

5.8CVSS7AI score0.00799EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/06/23 9:15 p.m.29 views

CVE-2023-34254

The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...

7.6CVSS7AI score0.00799EPSS
Exploits0References3
OSV
OSV
added 2023/06/23 9:15 p.m.3 views

UBUNTU-CVE-2023-34254

The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...

7.6CVSS5.8AI score0.00799EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/23 8:19 p.m.11 views

CVE-2023-34254 Remote inventory task command injection when using ssh command mode

The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...

7.6CVSS7AI score0.00799EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/23 8:19 p.m.25 views

CVE-2023-34254 Remote inventory task command injection when using ssh command mode

The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...

7.6CVSS7.8AI score0.00799EPSS
Exploits0References2
CVE
CVE
added 2023/06/23 8:19 p.m.78 views

CVE-2023-34254

The CVE-2023-34254 issue affects GLPI Agent (pre-1.5) where, during a remoteinventory task over SSH on Unix, an remote administrator could inject commands into the agent’s workflow, potentially gaining high privileges on the host and exposing configured remote access. Root cause is input/command ...

7.6CVSS7.2AI score0.00799EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/06/23 8:19 p.m.22 views

CVE-2023-34254 Remote inventory task command injection when using ssh command mode

The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. I...

7.6CVSS7.1AI score0.00799EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.7 views

GLPI 操作系统命令注入漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

7.6CVSS7.2AI score0.00799EPSS
Exploits0References3
Rows per page
Query Builder