Glpi Project Glpi Agent
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Glpi Project Glpi Agent.
By the Year
In 2026 there have been 0 vulnerabilities in Glpi Project Glpi Agent. Glpi Agent did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 7.80 |
| 2023 | 1 | 7.20 |
It may take a day or so for new Glpi Agent vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Glpi Project Glpi Agent Security Vulnerabilities
Local Privilege Escalation via DLL Tampering in GLPI-Agent <1.7.2
CVE-2024-28241
7.8 - High
- April 25, 2024
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which involves installed folder is automatically secured by the system.
Improper Privilege Management
GLPI-Agent Local Priv Esc via Deploy Task (pre-1.7.2)
CVE-2024-28240
7.8 - High
- April 25, 2024
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit GLPI-Agent related key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` and add `SystemComponent` DWORD value setting it to `1` to hide GLPI-Agent from installed applications.
High Priv Escalation in GLPI Agent 1.5 Pre-Release via SSH Cmd Injection
CVE-2023-34254
7.2 - High
- June 23, 2023
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Glpi Project Glpi Agent or by Glpi Project? Click the Watch button to subscribe.
