Snipe Snipe-it
2 CVEs affecting Snipe Snipe-it. Latest disclosed: 2024-06-14. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-23064 | High | 8.8 | 2022-05-02 | In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, i… |
CVE-2024-5685 | High | 7.6 | 2024-06-14 | Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call… |