{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-53360", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-06-27T12:57:16.121Z", "datePublished": "2025-11-18T16:12:15.116Z", "dateUpdated": "2025-11-18T18:22:25.605Z"}, "containers": {"cna": {"title": "pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58"}, {"name": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87", "tags": ["x_refsource_MISC"], "url": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87"}, {"name": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e", "tags": ["x_refsource_MISC"], "url": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e"}, {"name": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269", "tags": ["x_refsource_MISC"], "url": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269"}], "affected": [{"vendor": "pluginsGLPI", "product": "databaseinventory", "versions": [{"version": "< 1.0.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-18T16:12:15.116Z"}, "descriptions": [{"lang": "en", "value": "pluginsGLPI's Database Inventory Plugin \"manages\" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3."}], "source": {"advisory": "GHSA-5j5j-xr62-jr58", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-18T18:22:19.644618Z", "id": "CVE-2025-53360", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T18:22:25.605Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53360", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-18T18:22:19.644618Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T18:22:22.834Z"}}], "cna": {"title": "pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests", "source": {"advisory": "GHSA-5j5j-xr62-jr58", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "pluginsGLPI", "product": "databaseinventory", "versions": [{"status": "affected", "version": "< 1.0.3"}]}], "references": [{"url": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58", "name": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87", "name": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e", "name": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269", "name": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "pluginsGLPI's Database Inventory Plugin \"manages\" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-11-18T16:12:15.116Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53360", "state": "PUBLISHED", "dateUpdated": "2025-11-18T18:22:25.605Z", "dateReserved": "2025-06-27T12:57:16.121Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-11-18T16:12:15.116Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "pluginsGLPI's Database Inventory Plugin \"manages\" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3."}], "id": "CVE-2025-53360", "lastModified": "2025-11-19T19:14:59.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-11-18T17:16:02.807", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/pluginsGLPI/databaseinventory/commit/0a376a0c6f4142e11ea518faefe95c01b176fd87"}, {"source": "security-advisories@github.com", "url": "https://github.com/pluginsGLPI/databaseinventory/commit/7dcad1efb6ee84e9cffb3b446cdb47dc0be1091e"}, {"source": "security-advisories@github.com", "url": "https://github.com/pluginsGLPI/databaseinventory/commit/e9d4474acdab4141a6f4798cdd406b0d04480269"}, {"source": "security-advisories@github.com", "url": "https://github.com/pluginsGLPI/databaseinventory/security/advisories/GHSA-5j5j-xr62-jr58"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"created": "2025-11-19T10:47:52.803482+00:00", "updated": "2025-11-19T10:47:52.803510+00:00", "vendors": ["glpi-project", "glpi-project$PRODUCT$database_inventory"]}