Snipe Snipe-it

2 CVEs affecting Snipe Snipe-it. Latest disclosed: 2024-06-14. Critical: 0, High: 2.

Top CVEs affecting Snipe Snipe-it
CVESeverityScorePublishedSummary
CVE-2022-23064High8.82022-05-02In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, i…
CVE-2024-5685High7.62024-06-14Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call…