Search

Find a vulnerability

Search criteria

    52 vulnerabilities found for snipe/snipe-it by snipe

    CVE-2023-5511 (GCVE-0-2023-5511)

    Vulnerability from nvd – Published: 2023-10-11 00:00 – Updated: 2024-09-18 15:52
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in snipe/snipe-it
    Summary
    Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v.6.2.3 (custom)
    Create a notification for this product.
    snipeitapp snipe-it Affected: 0 , < 6.2.3 (custom)
        cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "snipe-it",
                "vendor": "snipeitapp",
                "versions": [
                  {
                    "lessThan": "6.2.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5511",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T15:11:33.303055Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T15:52:55.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v.6.2.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-11T00:00:19.827Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
            }
          ],
          "source": {
            "advisory": "43206801-9862-48da-b379-e55e341d78bf",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in snipe/snipe-it"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5511",
        "datePublished": "2023-10-11T00:00:19.827Z",
        "dateReserved": "2023-10-11T00:00:06.888Z",
        "dateUpdated": "2024-09-18T15:52:55.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5452 (GCVE-0-2023-5452)

    Vulnerability from nvd – Published: 2023-10-06 19:27 – Updated: 2024-09-19 14:38
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in snipe/snipe-it
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v6.2.2 (custom)
    Create a notification for this product.
    snipeitapp snipe-it Affected: 0 , < 6.2.2 (custom)
        cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "snipe-it",
                "vendor": "snipeitapp",
                "versions": [
                  {
                    "lessThan": "6.2.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5452",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T14:16:22.383104Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T14:38:29.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v6.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T19:27:24.872Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
            }
          ],
          "source": {
            "advisory": "d6ed5ac1-2ad6-45fd-9492-979820bf60c8",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5452",
        "datePublished": "2023-10-06T19:27:24.872Z",
        "dateReserved": "2023-10-06T19:27:11.788Z",
        "dateUpdated": "2024-09-19T14:38:29.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3173 (GCVE-0-2022-3173)

    Vulnerability from nvd – Published: 2022-09-17 06:50 – Updated: 2024-08-03 01:00
    VLAI
    Title
    Improper Authentication in snipe/snipe-it
    Summary
    Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 6.0.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "6.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-17T06:50:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
            }
          ],
          "source": {
            "advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authentication in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3173",
              "STATE": "PUBLIC",
              "TITLE": "Improper Authentication in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
                }
              ]
            },
            "source": {
              "advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3173",
        "datePublished": "2022-09-17T06:50:08.000Z",
        "dateReserved": "2022-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:00:10.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3035 (GCVE-0-2022-3035)

    Vulnerability from nvd – Published: 2022-08-29 19:35 – Updated: 2024-08-03 01:00
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in snipe/snipe-it
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v6.0.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:09.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-29T19:35:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
            }
          ],
          "source": {
            "advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3035",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v6.0.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
                }
              ]
            },
            "source": {
              "advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3035",
        "datePublished": "2022-08-29T19:35:09.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:00:09.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2997 (GCVE-0-2022-2997)

    Vulnerability from nvd – Published: 2022-08-25 20:30 – Updated: 2024-08-03 00:53
    VLAI
    Title
    Session Fixation in snipe/snipe-it
    Summary
    Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 6.0.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:53:00.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "6.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-25T20:30:16.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
            }
          ],
          "source": {
            "advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
            "discovery": "EXTERNAL"
          },
          "title": "Session Fixation in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2997",
              "STATE": "PUBLIC",
              "TITLE": "Session Fixation in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-384 Session Fixation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
                }
              ]
            },
            "source": {
              "advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2997",
        "datePublished": "2022-08-25T20:30:17.000Z",
        "dateReserved": "2022-08-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:53:00.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1511 (GCVE-0-2022-1511)

    Vulnerability from nvd – Published: 2022-04-28 00:00 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.4.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
            }
          ],
          "source": {
            "advisory": "4a1723e9-5bc4-4c4b-bceb-1c45964cc71d",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1511",
        "datePublished": "2022-04-28T00:00:00.000Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1445 (GCVE-0-2022-1445)

    Vulnerability from nvd – Published: 2022-04-24 14:30 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it
    Summary
    Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.4.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-24T14:30:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
            }
          ],
          "source": {
            "advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1445",
              "STATE": "PUBLIC",
              "TITLE": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
                }
              ]
            },
            "source": {
              "advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1445",
        "datePublished": "2022-04-24T14:30:12.000Z",
        "dateReserved": "2022-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1380 (GCVE-0-2022-1380)

    Vulnerability from nvd – Published: 2022-04-16 11:30 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it
    Summary
    Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v5.4.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v5.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-16T11:30:20.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
            }
          ],
          "source": {
            "advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1380",
              "STATE": "PUBLIC",
              "TITLE": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v5.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
                }
              ]
            },
            "source": {
              "advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1380",
        "datePublished": "2022-04-16T11:30:20.000Z",
        "dateReserved": "2022-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1155 (GCVE-0-2022-1155)

    Vulnerability from nvd – Published: 2022-03-30 12:20 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Old sessions are not blocked by the login enable function. in snipe/snipe-it
    Summary
    Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-30T12:20:14.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
            }
          ],
          "source": {
            "advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
            "discovery": "EXTERNAL"
          },
          "title": "Old sessions are not blocked by the login enable function. in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1155",
              "STATE": "PUBLIC",
              "TITLE": "Old sessions are not blocked by the login enable function. in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-840 Business Logic Errors"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
                }
              ]
            },
            "source": {
              "advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1155",
        "datePublished": "2022-03-30T12:20:14.000Z",
        "dateReserved": "2022-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0622 (GCVE-0-2022-0622)

    Vulnerability from nvd – Published: 2022-02-17 02:05 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Generation of Error Message Containing Sensitive Information in snipe/snipe-it
    Summary
    Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-17T02:05:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
            }
          ],
          "source": {
            "advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
            "discovery": "EXTERNAL"
          },
          "title": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0622",
              "STATE": "PUBLIC",
              "TITLE": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-209 Generation of Error Message Containing Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
                }
              ]
            },
            "source": {
              "advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0622",
        "datePublished": "2022-02-17T02:05:11.000Z",
        "dateReserved": "2022-02-16T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0611 (GCVE-0-2022-0611)

    Vulnerability from nvd – Published: 2022-02-15 23:30 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T08:44:29.245Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
            }
          ],
          "source": {
            "advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0611",
              "STATE": "PUBLIC",
              "TITLE": "Improper Privilege Management in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
                }
              ]
            },
            "source": {
              "advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0611",
        "datePublished": "2022-02-15T23:30:11.000Z",
        "dateReserved": "2022-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0579 (GCVE-0-2022-0579)

    Vulnerability from nvd – Published: 2022-02-14 19:00 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.9 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T08:46:12.021Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
            }
          ],
          "source": {
            "advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0579",
              "STATE": "PUBLIC",
              "TITLE": "Improper Privilege Management in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
                }
              ]
            },
            "source": {
              "advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0579",
        "datePublished": "2022-02-14T19:00:10.000Z",
        "dateReserved": "2022-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0569 (GCVE-0-2022-0569)

    Vulnerability from nvd – Published: 2022-02-12 23:55 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Observable Discrepancy in snipe/snipe-it
    Summary
    Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v5.3.9 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.184Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v5.3.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eObservable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\u003c/p\u003e"
                }
              ],
              "value": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203 Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T08:46:47.232Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
            }
          ],
          "source": {
            "advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
            "discovery": "EXTERNAL"
          },
          "title": "Observable Discrepancy in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0569",
              "STATE": "PUBLIC",
              "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v5.3.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
                }
              ]
            },
            "source": {
              "advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0569",
        "datePublished": "2022-02-12T23:55:09.000Z",
        "dateReserved": "2022-02-11T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0178 (GCVE-0-2022-0178)

    Vulnerability from nvd – Published: 2022-01-13 22:25 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:42.014Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in snipe snipe/snipe-it.\u003cp\u003eThis issue affects snipe/snipe-i before 5.3.8.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T08:51:12.094Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
            }
          ],
          "source": {
            "advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0178",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "snipe-it is vulnerable to Improper Access Control"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
                }
              ]
            },
            "source": {
              "advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0178",
        "datePublished": "2022-01-13T22:25:11.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:42.014Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0179 (GCVE-0-2022-0179)

    Vulnerability from nvd – Published: 2022-01-12 00:00 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    snipe-it is vulnerable to Missing Authorization
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.6 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "snipe-it is vulnerable to Missing Authorization"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
            }
          ],
          "source": {
            "advisory": "efdf2ead-f9d1-4767-9f02-d11f762d15e7",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0179",
        "datePublished": "2022-01-12T00:00:00.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5511 (GCVE-0-2023-5511)

    Vulnerability from cvelistv5 – Published: 2023-10-11 00:00 – Updated: 2024-09-18 15:52
    VLAI
    Title
    Cross-Site Request Forgery (CSRF) in snipe/snipe-it
    Summary
    Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v.6.2.3 (custom)
    Create a notification for this product.
    snipeitapp snipe-it Affected: 0 , < 6.2.3 (custom)
        cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "snipe-it",
                "vendor": "snipeitapp",
                "versions": [
                  {
                    "lessThan": "6.2.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5511",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-18T15:11:33.303055Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-18T15:52:55.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v.6.2.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-11T00:00:19.827Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
            }
          ],
          "source": {
            "advisory": "43206801-9862-48da-b379-e55e341d78bf",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-Site Request Forgery (CSRF) in snipe/snipe-it"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5511",
        "datePublished": "2023-10-11T00:00:19.827Z",
        "dateReserved": "2023-10-11T00:00:06.888Z",
        "dateUpdated": "2024-09-18T15:52:55.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5452 (GCVE-0-2023-5452)

    Vulnerability from cvelistv5 – Published: 2023-10-06 19:27 – Updated: 2024-09-19 14:38
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in snipe/snipe-it
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v6.2.2 (custom)
    Create a notification for this product.
    snipeitapp snipe-it Affected: 0 , < 6.2.2 (custom)
        cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:59:44.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "snipe-it",
                "vendor": "snipeitapp",
                "versions": [
                  {
                    "lessThan": "6.2.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5452",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T14:16:22.383104Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T14:38:29.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v6.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-06T19:27:24.872Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
            }
          ],
          "source": {
            "advisory": "d6ed5ac1-2ad6-45fd-9492-979820bf60c8",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5452",
        "datePublished": "2023-10-06T19:27:24.872Z",
        "dateReserved": "2023-10-06T19:27:11.788Z",
        "dateUpdated": "2024-09-19T14:38:29.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3173 (GCVE-0-2022-3173)

    Vulnerability from cvelistv5 – Published: 2022-09-17 06:50 – Updated: 2024-08-03 01:00
    VLAI
    Title
    Improper Authentication in snipe/snipe-it
    Summary
    Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 6.0.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:10.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "6.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-17T06:50:08.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
            }
          ],
          "source": {
            "advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authentication in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3173",
              "STATE": "PUBLIC",
              "TITLE": "Improper Authentication in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
                }
              ]
            },
            "source": {
              "advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3173",
        "datePublished": "2022-09-17T06:50:08.000Z",
        "dateReserved": "2022-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:00:10.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3035 (GCVE-0-2022-3035)

    Vulnerability from cvelistv5 – Published: 2022-08-29 19:35 – Updated: 2024-08-03 01:00
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in snipe/snipe-it
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v6.0.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:00:09.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-29T19:35:09.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
            }
          ],
          "source": {
            "advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-3035",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v6.0.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
                }
              ]
            },
            "source": {
              "advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-3035",
        "datePublished": "2022-08-29T19:35:09.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T01:00:09.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2997 (GCVE-0-2022-2997)

    Vulnerability from cvelistv5 – Published: 2022-08-25 20:30 – Updated: 2024-08-03 00:53
    VLAI
    Title
    Session Fixation in snipe/snipe-it
    Summary
    Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 6.0.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:53:00.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "6.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-25T20:30:16.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
            }
          ],
          "source": {
            "advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
            "discovery": "EXTERNAL"
          },
          "title": "Session Fixation in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-2997",
              "STATE": "PUBLIC",
              "TITLE": "Session Fixation in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-384 Session Fixation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
                }
              ]
            },
            "source": {
              "advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-2997",
        "datePublished": "2022-08-25T20:30:17.000Z",
        "dateReserved": "2022-08-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:53:00.860Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1511 (GCVE-0-2022-1511)

    Vulnerability from cvelistv5 – Published: 2022-04-28 00:00 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.4.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
            }
          ],
          "source": {
            "advisory": "4a1723e9-5bc4-4c4b-bceb-1c45964cc71d",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1511",
        "datePublished": "2022-04-28T00:00:00.000Z",
        "dateReserved": "2022-04-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1445 (GCVE-0-2022-1445)

    Vulnerability from cvelistv5 – Published: 2022-04-24 14:30 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it
    Summary
    Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.4.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.250Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-24T14:30:12.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
            }
          ],
          "source": {
            "advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1445",
              "STATE": "PUBLIC",
              "TITLE": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
                }
              ]
            },
            "source": {
              "advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1445",
        "datePublished": "2022-04-24T14:30:12.000Z",
        "dateReserved": "2022-04-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.250Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1380 (GCVE-0-2022-1380)

    Vulnerability from cvelistv5 – Published: 2022-04-16 11:30 – Updated: 2024-08-03 00:03
    VLAI
    Title
    Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it
    Summary
    Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v5.4.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:03:06.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v5.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-16T11:30:20.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
            }
          ],
          "source": {
            "advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1380",
              "STATE": "PUBLIC",
              "TITLE": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v5.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
                }
              ]
            },
            "source": {
              "advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1380",
        "datePublished": "2022-04-16T11:30:20.000Z",
        "dateReserved": "2022-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:03:06.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1155 (GCVE-0-2022-1155)

    Vulnerability from cvelistv5 – Published: 2022-03-30 12:20 – Updated: 2024-08-02 23:55
    VLAI
    Title
    Old sessions are not blocked by the login enable function. in snipe/snipe-it
    Summary
    Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.248Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-840",
                  "description": "CWE-840 Business Logic Errors",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-30T12:20:14.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
            }
          ],
          "source": {
            "advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
            "discovery": "EXTERNAL"
          },
          "title": "Old sessions are not blocked by the login enable function. in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-1155",
              "STATE": "PUBLIC",
              "TITLE": "Old sessions are not blocked by the login enable function. in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-840 Business Logic Errors"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
                }
              ]
            },
            "source": {
              "advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-1155",
        "datePublished": "2022-03-30T12:20:14.000Z",
        "dateReserved": "2022-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0622 (GCVE-0-2022-0622)

    Vulnerability from cvelistv5 – Published: 2022-02-17 02:05 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Generation of Error Message Containing Sensitive Information in snipe/snipe-it
    Summary
    Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
    CWE
    • CWE-209 - Generation of Error Message Containing Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.446Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-209",
                  "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-17T02:05:11.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
            }
          ],
          "source": {
            "advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
            "discovery": "EXTERNAL"
          },
          "title": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0622",
              "STATE": "PUBLIC",
              "TITLE": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-209 Generation of Error Message Containing Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
                }
              ]
            },
            "source": {
              "advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0622",
        "datePublished": "2022-02-17T02:05:11.000Z",
        "dateReserved": "2022-02-16T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.446Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0611 (GCVE-0-2022-0611)

    Vulnerability from cvelistv5 – Published: 2022-02-15 23:30 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T08:44:29.245Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
            }
          ],
          "source": {
            "advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0611",
              "STATE": "PUBLIC",
              "TITLE": "Improper Privilege Management in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
                }
              ]
            },
            "source": {
              "advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0611",
        "datePublished": "2022-02-15T23:30:11.000Z",
        "dateReserved": "2022-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0579 (GCVE-0-2022-0579)

    Vulnerability from cvelistv5 – Published: 2022-02-14 19:00 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.9 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T08:46:12.021Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
            }
          ],
          "source": {
            "advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0579",
              "STATE": "PUBLIC",
              "TITLE": "Improper Privilege Management in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
                }
              ]
            },
            "source": {
              "advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0579",
        "datePublished": "2022-02-14T19:00:10.000Z",
        "dateReserved": "2022-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0569 (GCVE-0-2022-0569)

    Vulnerability from cvelistv5 – Published: 2022-02-12 23:55 – Updated: 2024-08-02 23:32
    VLAI
    Title
    Observable Discrepancy in snipe/snipe-it
    Summary
    Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < v5.3.9 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:46.184Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "v5.3.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eObservable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\u003c/p\u003e"
                }
              ],
              "value": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203 Observable Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T08:46:47.232Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
            }
          ],
          "source": {
            "advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
            "discovery": "EXTERNAL"
          },
          "title": "Observable Discrepancy in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0569",
              "STATE": "PUBLIC",
              "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v5.3.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
                }
              ]
            },
            "source": {
              "advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0569",
        "datePublished": "2022-02-12T23:55:09.000Z",
        "dateReserved": "2022-02-11T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:32:46.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0178 (GCVE-0-2022-0178)

    Vulnerability from cvelistv5 – Published: 2022-01-13 22:25 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:42.014Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in snipe snipe/snipe-it.\u003cp\u003eThis issue affects snipe/snipe-i before 5.3.8.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-02T08:51:12.094Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
            }
          ],
          "source": {
            "advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@huntr.dev",
              "ID": "CVE-2022-0178",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Control in snipe/snipe-it"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe/snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.3.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "snipe-it is vulnerable to Improper Access Control"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368",
                  "refsource": "CONFIRM",
                  "url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
                },
                {
                  "name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
                }
              ]
            },
            "source": {
              "advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0178",
        "datePublished": "2022-01-13T22:25:11.000Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:42.014Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0179 (GCVE-0-2022-0179)

    Vulnerability from cvelistv5 – Published: 2022-01-12 00:00 – Updated: 2024-08-02 23:18
    VLAI
    Title
    Missing Authorization in snipe/snipe-it
    Summary
    snipe-it is vulnerable to Missing Authorization
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe/snipe-it Affected: unspecified , < 5.3.6 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:18:41.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "5.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "snipe-it is vulnerable to Missing Authorization"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-29T00:00:00.000Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
            }
          ],
          "source": {
            "advisory": "efdf2ead-f9d1-4767-9f02-d11f762d15e7",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in snipe/snipe-it"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2022-0179",
        "datePublished": "2022-01-12T00:00:00.000Z",
        "dateReserved": "2022-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:18:41.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }