The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.
History

Wed, 27 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-23T20:19:03.534Z

Updated: 2024-11-27T20:34:26.853Z

Reserved: 2023-05-31T13:51:51.175Z

Link: CVE-2023-34254

cve-icon Vulnrichment

Updated: 2024-08-02T16:01:54.348Z

cve-icon NVD

Status : Modified

Published: 2023-06-23T21:15:09.320

Modified: 2024-11-21T08:06:52.180

Link: CVE-2023-34254

cve-icon Redhat

No data.