The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-06-23T20:19:03.534Z
Updated: 2024-11-27T20:34:26.853Z
Reserved: 2023-05-31T13:51:51.175Z
Link: CVE-2023-34254
Vulnrichment
Updated: 2024-08-02T16:01:54.348Z
NVD
Status : Modified
Published: 2023-06-23T21:15:09.320
Modified: 2024-11-21T08:06:52.180
Link: CVE-2023-34254
Redhat
No data.