Security Advisories - snipe/snipe-it

snipe/snipe-it Security Advisories for v3.3.0 (34)

[HIGH] Snipe-IT remote code execution

PKSA-xdch-tcv5-mhm5 CVE-2024-48987 GHSA-57qh-vmjr-5jxg

Affected version: <7.0.10

Reported by:
GitHub
[HIGH] Snipe-IT allows users to promote or demote themselves or other users

PKSA-z8qx-662q-rf8y CVE-2024-5685 GHSA-544r-fc65-v832

Affected version: <6.4.2

Reported by:
GitHub
[HIGH] Cross-Site Request Forgery (CSRF) in snipe/snipe-it

PKSA-vwgv-c27j-814j CVE-2023-5511 GHSA-33vj-r6p6-x4p8

Affected version: <=6.2.2

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in snipe/snipe-it

PKSA-cht9-1vc6-6bmf CVE-2023-5452 GHSA-rr5c-69c9-gj9f

Affected version: <=6.2.1

Reported by:
GitHub
[MEDIUM] Snipe-IT allows attackers to check whether a user account exists

PKSA-jrdw-kz9p-4bz7 CVE-2022-44381 GHSA-qqv9-gqh5-7h99

Affected version: <=6.0.14

Reported by:
GitHub
[MEDIUM] Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets

PKSA-44wz-9w6n-4dr3 CVE-2022-44380 GHSA-363q-j92x-7543

Affected version: <6.0.14

Reported by:
GitHub
[MEDIUM] Snipe-IT vulnerable to Improper Authentication

PKSA-7r6m-2yf6-yhdg CVE-2022-3173 GHSA-fhvv-p968-6vvj

Affected version: <6.0.10

Reported by:
GitHub
[MEDIUM] snipe-it vulnerable to cross-site scripting (XSS)

PKSA-w688-w6zs-zd4h CVE-2022-3035 GHSA-rff2-vqm3-jpv5

Affected version: <6.0.11

Reported by:
GitHub
[MEDIUM] Insufficient Session Expiration in snipe/snipe-it

PKSA-rfx5-qvwj-94st CVE-2022-2997 GHSA-cmxc-9ghj-jp87

Affected version: <6.0.10

Reported by:
GitHub
[MEDIUM] Snipe-IT 6.0.2 vulnerable to Cross-site Scripting

PKSA-z58z-h4zh-1zhj CVE-2022-32061 GHSA-xwqx-x38c-cw95

Affected version: <=6.0.2

Reported by:
GitHub
[MEDIUM] Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings

PKSA-8j5v-fmm7-wt5m CVE-2022-32060 GHSA-w82x-xjjr-cjr5

Affected version: <=6.0.2

Reported by:
GitHub
[MEDIUM] Snipe-IT XSS Vulnerability

PKSA-14vj-xv1g-g219 CVE-2019-10118 GHSA-fx98-8w93-4mxr

Affected version: <4.6.14

Reported by:
GitHub
[HIGH] snipe-IT vulnerable to host header injection

PKSA-8rfs-wtdf-xfx2 CVE-2022-23064 GHSA-9vh6-qfv6-vcqp

Affected version: >=3.0-alpha,<=5.3.7

Reported by:
GitHub
[MEDIUM] Improper Access Control in snipe/snipe-it

PKSA-mx1p-71nz-7bbw CVE-2022-1511 GHSA-p2vw-f87c-q597

Affected version: <5.4.4

Reported by:
GitHub
[MEDIUM] Stored cross-site scripting in Snipe-IT

PKSA-cry2-5f97-1776 CVE-2022-1445 GHSA-hpx4-xjp7-m4vr

Affected version: <5.4.3

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in snipe-it

PKSA-tysm-wwww-bphm CVE-2022-1380 GHSA-p885-prv3-m4xv

Affected version: <5.4.3

Reported by:
GitHub
[HIGH] Old sessions not blocked by login enable function in Snipe-IT

PKSA-111v-cp4h-45pv CVE-2022-1155 GHSA-636j-7x7r-gvw2

Affected version: <5.4.2|>=6.0.0-RC-1,<=6.0.0-RC-5

Reported by:
GitHub
[MEDIUM] Generation of Error Message Containing Sensitive Information in Snipe-IT

PKSA-6qhy-57tc-w8br CVE-2022-0622 GHSA-pwwm-pwx2-2hw7

Affected version: <5.3.11

Reported by:
GitHub
[HIGH] Improper Privilege Management in Snipe-IT

PKSA-tnk3-ggr7-23qc CVE-2022-0611 GHSA-j57w-3c39-gpp5

Affected version: <5.3.11

Reported by:
GitHub
[MEDIUM] Exposure of Sensitive Information in snipe/snipe-it

PKSA-b3pc-3vj4-js4s CVE-2022-0569 GHSA-qpv2-jxc7-3638

Affected version: <5.3.10

Reported by:
GitHub
[MEDIUM] Improper Privilege Management in Snipe-IT

PKSA-b466-9p4g-g85g CVE-2022-0579 GHSA-v6vg-pxvv-g5cq

Affected version: <5.3.9

Reported by:
GitHub
[MEDIUM] Improper Access Control in snipe-it

PKSA-gzsd-9krn-qpvt CVE-2022-0178 GHSA-xc47-3rch-cv57

Affected version: <=5.3.7

Reported by:
GitHub
[MEDIUM] Incorrect Default Permissions and Improper Access Control in snipe-it

PKSA-ytnn-96r3-d3kb CVE-2022-0179 GHSA-w3v3-cxq5-9vr4

Affected version: <5.3.7

Reported by:
GitHub
[HIGH] snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-168d-vfgc-8zkn CVE-2021-4130 GHSA-4w23-c97g-fq5v

Affected version: <5.3.6

Reported by:
GitHub
[MEDIUM] snipe-it is vulnerable to Improper Access Control

PKSA-v6jc-z85y-2xb2 CVE-2021-4089 GHSA-9vwf-54m9-gc4f

Affected version: <5.3.4

Reported by:
GitHub
[MEDIUM] snipe-it is vulnerable to Cross-site Scripting

PKSA-xn61-mcnh-2z6t CVE-2021-4108 GHSA-rxch-gp62-574w

Affected version: <5.3.5

Reported by:
GitHub
[HIGH] Server-Side Request Forgery in snipe/snipe-it

PKSA-mycg-3z9s-m171 CVE-2021-4075 GHSA-553q-hpvp-q8pc

Affected version: <=5.3.3

Reported by:
GitHub
[MEDIUM] snipe-it is vulnerable to Cross-site Scripting

PKSA-j39k-svpb-czn5 CVE-2021-4018 GHSA-5fh3-25xr-g85h

Affected version: <5.3.3

Reported by:
GitHub
[HIGH] Cross-site Scripting in snipe/snipe-it

PKSA-v67w-nqct-qm6c CVE-2021-3961 GHSA-c65v-p733-9796

Affected version: <5.3.2

Reported by:
GitHub
[LOW] snipe-it is vulnerable to Cross-site Scripting

PKSA-f953-tv8q-pmys CVE-2021-3938 GHSA-2cqg-q7jm-j35c

Affected version: <=5.3.1

Reported by:
GitHub
[MEDIUM] snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

PKSA-xvn7-8ccy-j2pj CVE-2021-3931 GHSA-533p-cp2g-99wp

Affected version: <=5.3.1

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in snipe-it

PKSA-k1nv-3hks-9dm6 CVE-2021-3863 GHSA-5rg2-6qr5-2xp8

Affected version: <5.3.0

Reported by:
GitHub
[MEDIUM] Cross-Site Request Forgery in snipe-it

PKSA-v52w-gy13-9kjc CVE-2021-3858 GHSA-g92x-8m54-p89v

Affected version: <5.3.0

Reported by:
GitHub
[MEDIUM] Cross-site Scripting in snipe-it

PKSA-4ht1-zxj3-7f11 CVE-2021-3879 GHSA-9g3v-j3cr-6fc6

Affected version: <5.3.0

Reported by:
GitHub

snipe/snipe-it Security Advisories for v3.3.0 (34)

[HIGH] Snipe-IT remote code execution

[HIGH] Snipe-IT allows users to promote or demote themselves or other users

[HIGH] Cross-Site Request Forgery (CSRF) in snipe/snipe-it

[MEDIUM] Cross-site Scripting in snipe/snipe-it

[MEDIUM] Snipe-IT allows attackers to check whether a user account exists

[MEDIUM] Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets

[MEDIUM] Snipe-IT vulnerable to Improper Authentication

[MEDIUM] snipe-it vulnerable to cross-site scripting (XSS)

[MEDIUM] Insufficient Session Expiration in snipe/snipe-it

[MEDIUM] Snipe-IT 6.0.2 vulnerable to Cross-site Scripting

[MEDIUM] Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings

[MEDIUM] Snipe-IT XSS Vulnerability

[HIGH] snipe-IT vulnerable to host header injection

[MEDIUM] Improper Access Control in snipe/snipe-it

[MEDIUM] Stored cross-site scripting in Snipe-IT

[MEDIUM] Cross-site Scripting in snipe-it

[HIGH] Old sessions not blocked by login enable function in Snipe-IT

[MEDIUM] Generation of Error Message Containing Sensitive Information in Snipe-IT

[HIGH] Improper Privilege Management in Snipe-IT

[MEDIUM] Exposure of Sensitive Information in snipe/snipe-it

[MEDIUM] Improper Privilege Management in Snipe-IT

[MEDIUM] Improper Access Control in snipe-it

[MEDIUM] Incorrect Default Permissions and Improper Access Control in snipe-it

[HIGH] snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] snipe-it is vulnerable to Improper Access Control

[MEDIUM] snipe-it is vulnerable to Cross-site Scripting

[HIGH] Server-Side Request Forgery in snipe/snipe-it

[MEDIUM] snipe-it is vulnerable to Cross-site Scripting

[HIGH] Cross-site Scripting in snipe/snipe-it

[LOW] snipe-it is vulnerable to Cross-site Scripting

[MEDIUM] snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

[MEDIUM] Cross-site Scripting in snipe-it

[MEDIUM] Cross-Site Request Forgery in snipe-it

[MEDIUM] Cross-site Scripting in snipe-it