CVE-2023-34254

CVSS V2 None CVSS V3 None
Description
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.
Overview
  • CVE ID
  • CVE-2023-34254
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-06-23T20:19:03.534Z
  • Last Modified Date
  • 2023-06-23T20:19:03.534Z
History
Created Old Value New Value Data Type Notes
2024-06-25 20:45:23 Added to TrackCVE