Remote inventory task command injection when using ssh command mode
CVE-2023-34254

7.7HIGH

Key Information:

Vendor: Glpi-project
Status: Glpi-agent
Vendor: CVE Published:; 23 June 2023

🔔 Create Glpi-project Vulnerability Alert

What is CVE-2023-34254?

The GLPI Agent, utilized for system management, exhibits a command injection vulnerability in its remote inventory task on Unix systems. Administrators can inadvertently allow malicious users to inject commands in a specific workflow. If the agent operates with elevated privileges, attackers could exploit this flaw to gain unauthorized access and manipulate system functions. This vulnerability also exposes configuration data for all remote accesses used by the agent. The issue has been addressed in version 1.5 of the GLPI Agent, urging users to update promptly to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

glpi-agent < 1.5

References

https://github.com/glpi-project/glpi-agent/security/advis...

x_refsource_CONFIRM

https://github.com/glpi-project/glpi-agent/blob/dd313ee09...

x_refsource_MISC

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
May 31, 2023

JSON

Glpi-project

What is CVE-2023-34254?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.