snipe/snipe-it Security Advisories for v5.3.10 (17)
- [HIGH] Snipe-IT remote code execution
PKSA-xdch-tcv5-mhm5 CVE-2024-48987 GHSA-57qh-vmjr-5jxg
Affected version: <7.0.10
Reported by: GitHub
- [HIGH] Snipe-IT allows users to promote or demote themselves or other users
PKSA-z8qx-662q-rf8y CVE-2024-5685 GHSA-544r-fc65-v832
Affected version: <6.4.2
Reported by: GitHub
- [HIGH] Cross-Site Request Forgery (CSRF) in snipe/snipe-it
PKSA-vwgv-c27j-814j CVE-2023-5511 GHSA-33vj-r6p6-x4p8
Affected version: <=6.2.2
Reported by: GitHub
- [MEDIUM] Cross-site Scripting in snipe/snipe-it
PKSA-cht9-1vc6-6bmf CVE-2023-5452 GHSA-rr5c-69c9-gj9f
Affected version: <=6.2.1
Reported by: GitHub
- [MEDIUM] Snipe-IT allows attackers to check whether a user account exists
PKSA-jrdw-kz9p-4bz7 CVE-2022-44381 GHSA-qqv9-gqh5-7h99
Affected version: <=6.0.14
Reported by: GitHub
- [MEDIUM] Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets
PKSA-44wz-9w6n-4dr3 CVE-2022-44380 GHSA-363q-j92x-7543
Affected version: <6.0.14
Reported by: GitHub
- [MEDIUM] Snipe-IT vulnerable to Improper Authentication
PKSA-7r6m-2yf6-yhdg CVE-2022-3173 GHSA-fhvv-p968-6vvj
Affected version: <6.0.10
Reported by: GitHub
- [MEDIUM] snipe-it vulnerable to cross-site scripting (XSS)
PKSA-w688-w6zs-zd4h CVE-2022-3035 GHSA-rff2-vqm3-jpv5
Affected version: <6.0.11
Reported by: GitHub
- [MEDIUM] Insufficient Session Expiration in snipe/snipe-it
PKSA-rfx5-qvwj-94st CVE-2022-2997 GHSA-cmxc-9ghj-jp87
Affected version: <6.0.10
Reported by: GitHub
- [MEDIUM] Snipe-IT 6.0.2 vulnerable to Cross-site Scripting
PKSA-z58z-h4zh-1zhj CVE-2022-32061 GHSA-xwqx-x38c-cw95
Affected version: <=6.0.2
Reported by: GitHub
- [MEDIUM] Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings
PKSA-8j5v-fmm7-wt5m CVE-2022-32060 GHSA-w82x-xjjr-cjr5
Affected version: <=6.0.2
Reported by: GitHub
- [MEDIUM] Improper Access Control in snipe/snipe-it
PKSA-mx1p-71nz-7bbw CVE-2022-1511 GHSA-p2vw-f87c-q597
Affected version: <5.4.4
Reported by: GitHub
- [MEDIUM] Stored cross-site scripting in Snipe-IT
PKSA-cry2-5f97-1776 CVE-2022-1445 GHSA-hpx4-xjp7-m4vr
Affected version: <5.4.3
Reported by: GitHub
- [MEDIUM] Cross-site Scripting in snipe-it
PKSA-tysm-wwww-bphm CVE-2022-1380 GHSA-p885-prv3-m4xv
Affected version: <5.4.3
Reported by: GitHub
- [HIGH] Old sessions not blocked by login enable function in Snipe-IT
PKSA-111v-cp4h-45pv CVE-2022-1155 GHSA-636j-7x7r-gvw2
Affected version: <5.4.2|>=6.0.0-RC-1,<=6.0.0-RC-5
Reported by: GitHub
- [MEDIUM] Generation of Error Message Containing Sensitive Information in Snipe-IT
PKSA-6qhy-57tc-w8br CVE-2022-0622 GHSA-pwwm-pwx2-2hw7
Affected version: <5.3.11
Reported by: GitHub
- [HIGH] Improper Privilege Management in Snipe-IT
PKSA-tnk3-ggr7-23qc CVE-2022-0611 GHSA-j57w-3c39-gpp5
Affected version: <5.3.11
Reported by: GitHub