Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder
Vulnerability Description
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which involves installed folder is automatically secured by the system.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
GLPI 安全漏洞
Vulnerability Description
GLPI是个人开发者的一款开源IT和资产管理软件。该软件提供功能全面的IT资源管理接口,你可以用它来建立数据库全面管理IT的电脑,显示器,服务器,打印机,网络设备,电话,甚至硒鼓和墨盒等。 GLPI Agent 1.7.2之前版本存在安全漏洞,该漏洞源于使用非默认安装文件夹时,MSI安装包不会更新文件夹的安全配置文件。
CVSS Information
N/A
Vulnerability Type
N/A