x/vulndb: potential Go vuln in github.com/glpi-project/glpi-agent: CVE-2024-28241

[GoVulnBot]

CVE-2024-28241 references github.com/glpi-project/glpi-agent, which may be a Go module.

Description:
The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which involves installed folder is automatically secured by the system.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-28241
• JSON: https://github.com/CVEProject/cvelist/tree/dee94b1e5126df3cc4eae107f464670d9f04291e/2024/28xxx/CVE-2024-28241.json
• advisory: GHSA-3268-p58w-86hw
• fix: glpi-project/glpi-agent@9a97114
• Imported by: https://pkg.go.dev/github.com/glpi-project/glpi-agent?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/glpi-project/glpi-agent
      vulnerable_at: 0.0.0-20240425160920-dbf3bd3ce796
      packages:
        - package: glpi-agent
summary: CVE-2024-28241 in github.com/glpi-project/glpi-agent
cves:
    - CVE-2024-28241
references:
    - advisory: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-3268-p58w-86hw
    - fix: https://github.com/glpi-project/glpi-agent/commit/9a97114f595562c91b0833b4a800dd51e9df65e9
source:
    id: CVE-2024-28241

[gopherbot]

Change https://go.dev/cl/590278 mentions this issue: data/reports: add 48 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590282 mentions this issue: data/excluded: add 3 excluded reports