Lucene search
596c5446-0ce5-4ba2-aa66-48b3b757a647NVD:CVE-2024-5685HistoryJun 14, 2024 - 10:15 a.m.
CVE-2024-5685
2024-06-1410:15:10
CWE-862
596c5446-0ce5-4ba2-aa66-48b3b757a647
web.nvd.nist.gov
2
cve-2024-5685
user permissions
api vulnerability
snipe-it
unauthorized access
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
0.0004 Low
EPSS
Percentile
15.6%
Users with βUser:editβ and βSelf:apiβ permissionsΒ can promote or demote themselves or other users by performing changes to the groupβs memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
Related
cve
cve
CVE-2024-5685
2024-06-14 10:15:10
veracode
veracode
Missing Authorization
2024-06-17 04:08:44
github
github
Snipe-IT allows users to promote or demote themselves or other users
2024-06-14 12:30:50
osv
osv
CVE-2024-5685
2024-06-14 10:15:10
Snipe-IT allows users to promote or demote themselves or other users
2024-06-14 12:30:50
cvelist
cvelist
CVE-2024-5685 Broken Function Level Authorization (BFLA) in snipe/snipe-it
2024-06-14 09:54:41
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
0.0004 Low
EPSS
Percentile
15.6%
Related for NVD:CVE-2024-5685