Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-5685

June 14, 2024, 10:15 a.m.

Product(s) Impacted

snipe-it

  • 4.6.17 - 6.4.1

Description

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.

Weaknesses

Date

Published: June 14, 2024, 10:15 a.m.

Last Modified: June 14, 2024, 10:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

596c5446-0ce5-4ba2-aa66-48b3b757a647

References

https://github.com/ 596c5446-0ce5-4ba2-aa66-48b3b757a647

https://github.com/ 596c5446-0ce5-4ba2-aa66-48b3b757a647

https://github.com/ 596c5446-0ce5-4ba2-aa66-48b3b757a647