Vulnerability Monitor

CVE-2024-5685


Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by changing group memberships via an API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.


Published

2024-06-14T10:15:10.817

Last Modified

2025-03-07T16:07:06.043

Status

Analyzed

Source

596c5446-0ce5-4ba2-aa66-48b3b757a647

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-862
  • Type: Primary
    CWE-862

Affected Vendors & Products
Type        | Vendor     | Product  | Version/Range | Vulnerable?
Application | snipeitapp | snipe-it | < 6.4.2       | Yes
