Lucene search

CVE-2024-5685

🗓️ 14 Jun 2024 10:10:15Reported by 596c5446-0ce5-4ba2-aa66-48b3b757a647Type

Vulnerability in snipe-it API allows unauthorized user role changes

Reporter	Title	Published	Views	Family All 7
CVE	CVE-2024-5685	14 Jun 202410:15	–	cve
Vulnrichment	CVE-2024-5685 Broken Function Level Authorization (BFLA) in snipe/snipe-it	14 Jun 202409:54	–	vulnrichment
Cvelist	CVE-2024-5685 Broken Function Level Authorization (BFLA) in snipe/snipe-it	14 Jun 202409:54	–	cvelist
OSV	GHSA-544R-FC65-V832 Snipe-IT allows users to promote or demote themselves or other users	14 Jun 202412:30	–	osv
OSV	CVE-2024-5685	14 Jun 202410:15	–	osv
Github Security Blog	Snipe-IT allows users to promote or demote themselves or other users	14 Jun 202412:30	–	github
Veracode	Missing Authorization	17 Jun 202404:08	–	veracode

Nvd

Node

snipeitapp snipe-itRange4.6.17–6.4.2

Source	Link
github	www.github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1
github	www.github.com/snipe/snipe-it/releases/tag/v6.4.2
github	www.github.com/snipe/snipe-it/pull/14745
advisory	www.advisory.checkmarx.net/
devhub	www.devhub.checkmarx.com/cve-details/CVE-2024-5685/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Jun 2024 10:15Current

CVSS38.1

EPSS0.00045

CWE-862