Ubuntu.comUB:CVE-2024-28241CVE-2024-28241
7.3 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a
local user can modify GLPI-Agent code or used DLLs to modify agent logic
and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2
to receive a patch. As a workaround, use the default installation folder
which involves installed folder is automatically secured by the system.
References
github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9
github.com/glpi-project/glpi-agent/security/advisories/GHSA-3268-p58w-86hw
launchpad.net/bugs/cve/CVE-2024-28241
nvd.nist.gov/vuln/detail/CVE-2024-28241
security-tracker.debian.org/tracker/CVE-2024-28241
www.cve.org/CVERecord?id=CVE-2024-28241
Related
7.3 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%