CVE-2024-5685
June 14, 2024, 10:15 a.m.
Tags
Product(s) Impacted
snipe-it
- 4.6.17 - 6.4.1
Description
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
Weaknesses
Date
Published: June 14, 2024, 10:15 a.m.
Last Modified: June 14, 2024, 10:15 a.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
596c5446-0ce5-4ba2-aa66-48b3b757a647
References
https://github.com/
596c5446-0ce5-4ba2-aa66-48b3b757a647
https://github.com/
596c5446-0ce5-4ba2-aa66-48b3b757a647
https://github.com/
596c5446-0ce5-4ba2-aa66-48b3b757a647