pluginsGLPI’s Database Inventory Plugin allows any authenticated user to send...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Description

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.

Basic Information

ID CVE-2025-53360

Source GitHub_M

Published Nov 18, 2025 at 16:12

Modified Nov 18, 2025 at 18:22

Affected Product

Vendor pluginsGLPI

Product databaseinventory

Version < 1.0.3

Affected Versions pluginsGLPI databaseinventory < 1.0.3

CWE Classification

CWE-284

References

{
    "lastseen": "",
    "description": "pluginsGLPI's Database Inventory Plugin \"manages\" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.",
    "published": "2025-11-18T16:12:15.116Z",
    "modified": "2025-11-18T18:22:25.605Z",
    "type": "cve",
    "title": "pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests",
    "source": "GitHub_M",
    "references": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58\nhttps://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87\nhttps://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e\nhttps://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269",
    "id": "CVE-2025-53360",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "pluginsGLPI databaseinventory < 1.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "databaseinventory",
    "version": "< 1.0.3",
    "vendor": "pluginsGLPI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

pluginsGLPI’s Database Inventory Plugin allows any authenticated user to send agent requests_CVE-2025-53360