CVE-2025-27147

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-27147

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27147.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-27147

Aliases

GHSA-h6x9-jm98-cw7c

Published

2025-03-25T15:15:24Z

Modified

2025-03-27T18:51:06.129245Z

Summary

[none]

Details

The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability. Version 1.5.0 fixes the vulnerability.

References

Affected packages

Git / github.com/glpi-project/glpi-inventory-plugin

Affected ranges

Type: GIT
Repo: https://github.com/glpi-project/glpi-inventory-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

aaeb26d98d07019375c25b56e60fffc195553545

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.4.0