Glpi Project Glpi Agent
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Glpi Project Glpi Agent.
By the Year
In 2025 there have been 0 vulnerabilities in Glpi Project Glpi Agent. Last year, in 2024 Glpi Agent had 2 security vulnerabilities published. Right now, Glpi Agent is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 2 | 7.80 |
2023 | 1 | 7.20 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Glpi Agent vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Glpi Project Glpi Agent Security Vulnerabilities
The GLPI Agent is a generic management agent
CVE-2024-28241
7.8 - High
- April 25, 2024
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which involves installed folder is automatically secured by the system.
Improper Privilege Management
The GLPI Agent is a generic management agent
CVE-2024-28240
7.8 - High
- April 25, 2024
The GLPI Agent is a generic management agent. A vulnerability that only affects GLPI-Agent installed on windows via MSI packaging can allow a local user to cause denial of agent service by replacing GLPI server url with a wrong url or disabling the service. Additionally, in the case the Deploy task is installed, a local malicious user can trigger privilege escalation configuring a malicious server providing its own deploy task payload. GLPI-Agent 1.7.2 contains a patch for this issue. As a workaround, edit GLPI-Agent related key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` and add `SystemComponent` DWORD value setting it to `1` to hide GLPI-Agent from installed applications.
The GLPI Agent is a generic management agent
CVE-2023-34254
7.2 - High
- June 23, 2023
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Glpi Project Glpi Agent or by Glpi Project? Click the Watch button to subscribe.
