CVE-2024-5685

June 14, 2024, 10:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

snipe-it

  • 4.6.17 - 6.4.1

Source

596c5446-0ce5-4ba2-aa66-48b3b757a647

CVE-2024-5685 details

Published : June 14, 2024, 10:15 a.m.
Last Modified : June 14, 2024, 10:15 a.m.

Description

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by changing group memberships via an API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.

References

URL Source
https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1 596c5446-0ce5-4ba2-aa66-48b3b757a647
https://github.com/snipe/snipe-it/pull/14745 596c5446-0ce5-4ba2-aa66-48b3b757a647
https://github.com/snipe/snipe-it/releases/tag/v6.4.2 596c5446-0ce5-4ba2-aa66-48b3b757a647
This website uses the NVD API, but is not approved or certified by it.