CVE-2024-5685

216.73.217.22

· Published 14/06/2024 10:15 · Modified 14/06/2024 10:15

Labels: CVE-2024-5685 2024-06-14 596c5446-0ce5-4ba2-aa66-48b3b757a647 CVE-2024-5685 CWE-862

Essential information

Published: 14/06/2024 10:15
Modified: 14/06/2024 10:15
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 596c5446-0ce5-4ba2-aa66-48b3b757a647
NVD: View on NVD

CVE-2024-5685

Essential information

Description

NVD status

References