CNNVD-202511-2025 Information

Nov 18, 2025 cve

CNNVD ID

CNNVD-202511-2025

CVE-2025-53360

  • CNNVD Published: 2025-11-18

Description (Chinese)

Database inventory plugin是GLPI Project Plugins开源的一个数据库管理插件。 Database inventory plugin 1.0.3之前版本存在访问控制错误漏洞,该漏洞源于任何经过身份验证的用户都可以向代理发送请求。

Description (English)

Data inventory plugin is a database management plugin for GLPI Project Plugins. There was a bug in access control in the pre-version of Data inventory plugin 1.0.3, which originated from the fact that any authentication user could send a request to the agent.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

GLPI Project Plugins

Published

2025-11-18

Last Modified

2026-02-24

References

https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269 https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87 https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58 https://access.redhat.com/security/cve/cve-2025-53360

Patch

https://github.com/pluginsGLPI/databaseinventory/releases

Share on: