Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
52 vulnerabilities found for snipe/snipe-it by snipe
CVE-2023-5511 (GCVE-0-2023-5511)
Vulnerability from nvd – Published: 2023-10-11 00:00 – Updated: 2024-09-18 15:52
VLAI?
Title
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
Severity ?
6.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v.6.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThan": "6.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5511",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:11:33.303055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:52:55.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v.6.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T00:00:19.827Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
},
{
"url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
}
],
"source": {
"advisory": "43206801-9862-48da-b379-e55e341d78bf",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5511",
"datePublished": "2023-10-11T00:00:19.827Z",
"dateReserved": "2023-10-11T00:00:06.888Z",
"dateUpdated": "2024-09-18T15:52:55.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5452 (GCVE-0-2023-5452)
Vulnerability from nvd – Published: 2023-10-06 19:27 – Updated: 2024-09-19 14:38
VLAI?
Title
Cross-site Scripting (XSS) - Stored in snipe/snipe-it
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v6.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThan": "6.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5452",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:16:22.383104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:38:29.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v6.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T19:27:24.872Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
},
{
"url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
}
],
"source": {
"advisory": "d6ed5ac1-2ad6-45fd-9492-979820bf60c8",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5452",
"datePublished": "2023-10-06T19:27:24.872Z",
"dateReserved": "2023-10-06T19:27:11.788Z",
"dateUpdated": "2024-09-19T14:38:29.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3173 (GCVE-0-2022-3173)
Vulnerability from nvd – Published: 2022-09-17 06:50 – Updated: 2024-08-03 01:00
VLAI?
Title
Improper Authentication in snipe/snipe-it
Summary
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
Severity ?
4.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 6.0.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-17T06:50:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
],
"source": {
"advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"discovery": "EXTERNAL"
},
"title": "Improper Authentication in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3173",
"STATE": "PUBLIC",
"TITLE": "Improper Authentication in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"name": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
]
},
"source": {
"advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3173",
"datePublished": "2022-09-17T06:50:08.000Z",
"dateReserved": "2022-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3035 (GCVE-0-2022-3035)
Vulnerability from nvd – Published: 2022-08-29 19:35 – Updated: 2024-08-03 01:00
VLAI?
Title
Cross-site Scripting (XSS) - Stored in snipe/snipe-it
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v6.0.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v6.0.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T19:35:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
],
"source": {
"advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3035",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v6.0.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"name": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
]
},
"source": {
"advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3035",
"datePublished": "2022-08-29T19:35:09.000Z",
"dateReserved": "2022-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:09.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2997 (GCVE-0-2022-2997)
Vulnerability from nvd – Published: 2022-08-25 20:30 – Updated: 2024-08-03 00:53
VLAI?
Title
Session Fixation in snipe/snipe-it
Summary
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
Severity ?
4.6 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 6.0.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T20:30:16.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
],
"source": {
"advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"discovery": "EXTERNAL"
},
"title": "Session Fixation in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2997",
"STATE": "PUBLIC",
"TITLE": "Session Fixation in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"name": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
]
},
"source": {
"advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2997",
"datePublished": "2022-08-25T20:30:17.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:53:00.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1511 (GCVE-0-2022-1511)
Vulnerability from nvd – Published: 2022-04-28 00:00 – Updated: 2024-08-03 00:03
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.4.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
},
{
"url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
}
],
"source": {
"advisory": "4a1723e9-5bc4-4c4b-bceb-1c45964cc71d",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1511",
"datePublished": "2022-04-28T00:00:00.000Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1445 (GCVE-0-2022-1445)
Vulnerability from nvd – Published: 2022-04-24 14:30 – Updated: 2024-08-03 00:03
VLAI?
Title
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it
Summary
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.4.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-24T14:30:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
],
"source": {
"advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1445",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.4.3"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"name": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
]
},
"source": {
"advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1445",
"datePublished": "2022-04-24T14:30:12.000Z",
"dateReserved": "2022-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1380 (GCVE-0-2022-1380)
Vulnerability from nvd – Published: 2022-04-16 11:30 – Updated: 2024-08-03 00:03
VLAI?
Title
Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it
Summary
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
Severity ?
9.1 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v5.4.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-16T11:30:20.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
],
"source": {
"advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1380",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v5.4.3"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"name": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
]
},
"source": {
"advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1380",
"datePublished": "2022-04-16T11:30:20.000Z",
"dateReserved": "2022-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1155 (GCVE-0-2022-1155)
Vulnerability from nvd – Published: 2022-03-30 12:20 – Updated: 2024-08-02 23:55
VLAI?
Title
Old sessions are not blocked by the login enable function. in snipe/snipe-it
Summary
Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.
Severity ?
7.4 (High)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T12:20:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
],
"source": {
"advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
"discovery": "EXTERNAL"
},
"title": "Old sessions are not blocked by the login enable function. in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1155",
"STATE": "PUBLIC",
"TITLE": "Old sessions are not blocked by the login enable function. in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"name": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
]
},
"source": {
"advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1155",
"datePublished": "2022-03-30T12:20:14.000Z",
"dateReserved": "2022-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0622 (GCVE-0-2022-0622)
Vulnerability from nvd – Published: 2022-02-17 02:05 – Updated: 2024-08-02 23:32
VLAI?
Title
Generation of Error Message Containing Sensitive Information in snipe/snipe-it
Summary
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T02:05:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
],
"source": {
"advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
"discovery": "EXTERNAL"
},
"title": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0622",
"STATE": "PUBLIC",
"TITLE": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Generation of Error Message Containing Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"name": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
]
},
"source": {
"advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0622",
"datePublished": "2022-02-17T02:05:11.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0611 (GCVE-0-2022-0611)
Vulnerability from nvd – Published: 2022-02-15 23:30 – Updated: 2024-08-02 23:32
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\u003c/p\u003e"
}
],
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:44:29.245Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
],
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0611",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
]
},
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0611",
"datePublished": "2022-02-15T23:30:11.000Z",
"dateReserved": "2022-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0579 (GCVE-0-2022-0579)
Vulnerability from nvd – Published: 2022-02-14 19:00 – Updated: 2024-08-02 23:32
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\u003c/p\u003e"
}
],
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:46:12.021Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
],
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0579",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
]
},
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0579",
"datePublished": "2022-02-14T19:00:10.000Z",
"dateReserved": "2022-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0569 (GCVE-0-2022-0569)
Vulnerability from nvd – Published: 2022-02-12 23:55 – Updated: 2024-08-02 23:32
VLAI?
Title
Observable Discrepancy in snipe/snipe-it
Summary
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
Severity ?
5.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v5.3.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v5.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eObservable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\u003c/p\u003e"
}
],
"value": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:46:47.232Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
},
"title": "Observable Discrepancy in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0569",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
]
},
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0569",
"datePublished": "2022-02-12T23:55:09.000Z",
"dateReserved": "2022-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0178 (GCVE-0-2022-0178)
Vulnerability from nvd – Published: 2022-01-13 22:25 – Updated: 2024-08-02 23:18
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in snipe snipe/snipe-it.\u003cp\u003eThis issue affects snipe/snipe-i before 5.3.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:51:12.094Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
],
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0178",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snipe-it is vulnerable to Improper Access Control"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
]
},
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0178",
"datePublished": "2022-01-13T22:25:11.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0179 (GCVE-0-2022-0179)
Vulnerability from nvd – Published: 2022-01-12 00:00 – Updated: 2024-08-02 23:18
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
snipe-it is vulnerable to Missing Authorization
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "snipe-it is vulnerable to Missing Authorization"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
},
{
"url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
}
],
"source": {
"advisory": "efdf2ead-f9d1-4767-9f02-d11f762d15e7",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0179",
"datePublished": "2022-01-12T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:41.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5511 (GCVE-0-2023-5511)
Vulnerability from cvelistv5 – Published: 2023-10-11 00:00 – Updated: 2024-09-18 15:52
VLAI?
Title
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
Severity ?
6.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v.6.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThan": "6.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5511",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:11:33.303055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:52:55.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v.6.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T00:00:19.827Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
},
{
"url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
}
],
"source": {
"advisory": "43206801-9862-48da-b379-e55e341d78bf",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5511",
"datePublished": "2023-10-11T00:00:19.827Z",
"dateReserved": "2023-10-11T00:00:06.888Z",
"dateUpdated": "2024-09-18T15:52:55.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5452 (GCVE-0-2023-5452)
Vulnerability from cvelistv5 – Published: 2023-10-06 19:27 – Updated: 2024-09-19 14:38
VLAI?
Title
Cross-site Scripting (XSS) - Stored in snipe/snipe-it
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v6.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThan": "6.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5452",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:16:22.383104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:38:29.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v6.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T19:27:24.872Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
},
{
"url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
}
],
"source": {
"advisory": "d6ed5ac1-2ad6-45fd-9492-979820bf60c8",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5452",
"datePublished": "2023-10-06T19:27:24.872Z",
"dateReserved": "2023-10-06T19:27:11.788Z",
"dateUpdated": "2024-09-19T14:38:29.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3173 (GCVE-0-2022-3173)
Vulnerability from cvelistv5 – Published: 2022-09-17 06:50 – Updated: 2024-08-03 01:00
VLAI?
Title
Improper Authentication in snipe/snipe-it
Summary
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
Severity ?
4.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 6.0.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-17T06:50:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
],
"source": {
"advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"discovery": "EXTERNAL"
},
"title": "Improper Authentication in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3173",
"STATE": "PUBLIC",
"TITLE": "Improper Authentication in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"name": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
]
},
"source": {
"advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3173",
"datePublished": "2022-09-17T06:50:08.000Z",
"dateReserved": "2022-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3035 (GCVE-0-2022-3035)
Vulnerability from cvelistv5 – Published: 2022-08-29 19:35 – Updated: 2024-08-03 01:00
VLAI?
Title
Cross-site Scripting (XSS) - Stored in snipe/snipe-it
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v6.0.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v6.0.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T19:35:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
],
"source": {
"advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3035",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v6.0.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"name": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
]
},
"source": {
"advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3035",
"datePublished": "2022-08-29T19:35:09.000Z",
"dateReserved": "2022-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:09.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2997 (GCVE-0-2022-2997)
Vulnerability from cvelistv5 – Published: 2022-08-25 20:30 – Updated: 2024-08-03 00:53
VLAI?
Title
Session Fixation in snipe/snipe-it
Summary
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
Severity ?
4.6 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 6.0.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T20:30:16.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
],
"source": {
"advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"discovery": "EXTERNAL"
},
"title": "Session Fixation in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2997",
"STATE": "PUBLIC",
"TITLE": "Session Fixation in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"name": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
]
},
"source": {
"advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2997",
"datePublished": "2022-08-25T20:30:17.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:53:00.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1511 (GCVE-0-2022-1511)
Vulnerability from cvelistv5 – Published: 2022-04-28 00:00 – Updated: 2024-08-03 00:03
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.4.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
},
{
"url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
}
],
"source": {
"advisory": "4a1723e9-5bc4-4c4b-bceb-1c45964cc71d",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1511",
"datePublished": "2022-04-28T00:00:00.000Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1445 (GCVE-0-2022-1445)
Vulnerability from cvelistv5 – Published: 2022-04-24 14:30 – Updated: 2024-08-03 00:03
VLAI?
Title
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it
Summary
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.4.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-24T14:30:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
],
"source": {
"advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1445",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.4.3"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"name": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
]
},
"source": {
"advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1445",
"datePublished": "2022-04-24T14:30:12.000Z",
"dateReserved": "2022-04-24T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1380 (GCVE-0-2022-1380)
Vulnerability from cvelistv5 – Published: 2022-04-16 11:30 – Updated: 2024-08-03 00:03
VLAI?
Title
Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it
Summary
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
Severity ?
9.1 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v5.4.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-16T11:30:20.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
],
"source": {
"advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1380",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v5.4.3"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"name": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
]
},
"source": {
"advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1380",
"datePublished": "2022-04-16T11:30:20.000Z",
"dateReserved": "2022-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1155 (GCVE-0-2022-1155)
Vulnerability from cvelistv5 – Published: 2022-03-30 12:20 – Updated: 2024-08-02 23:55
VLAI?
Title
Old sessions are not blocked by the login enable function. in snipe/snipe-it
Summary
Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.
Severity ?
7.4 (High)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T12:20:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
],
"source": {
"advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
"discovery": "EXTERNAL"
},
"title": "Old sessions are not blocked by the login enable function. in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1155",
"STATE": "PUBLIC",
"TITLE": "Old sessions are not blocked by the login enable function. in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"name": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
]
},
"source": {
"advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1155",
"datePublished": "2022-03-30T12:20:14.000Z",
"dateReserved": "2022-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0622 (GCVE-0-2022-0622)
Vulnerability from cvelistv5 – Published: 2022-02-17 02:05 – Updated: 2024-08-02 23:32
VLAI?
Title
Generation of Error Message Containing Sensitive Information in snipe/snipe-it
Summary
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T02:05:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
],
"source": {
"advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
"discovery": "EXTERNAL"
},
"title": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0622",
"STATE": "PUBLIC",
"TITLE": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Generation of Error Message Containing Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"name": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
]
},
"source": {
"advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0622",
"datePublished": "2022-02-17T02:05:11.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0611 (GCVE-0-2022-0611)
Vulnerability from cvelistv5 – Published: 2022-02-15 23:30 – Updated: 2024-08-02 23:32
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\u003c/p\u003e"
}
],
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:44:29.245Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
],
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0611",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
]
},
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0611",
"datePublished": "2022-02-15T23:30:11.000Z",
"dateReserved": "2022-02-14T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0579 (GCVE-0-2022-0579)
Vulnerability from cvelistv5 – Published: 2022-02-14 19:00 – Updated: 2024-08-02 23:32
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\u003c/p\u003e"
}
],
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:46:12.021Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
],
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0579",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
]
},
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0579",
"datePublished": "2022-02-14T19:00:10.000Z",
"dateReserved": "2022-02-13T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0569 (GCVE-0-2022-0569)
Vulnerability from cvelistv5 – Published: 2022-02-12 23:55 – Updated: 2024-08-02 23:32
VLAI?
Title
Observable Discrepancy in snipe/snipe-it
Summary
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
Severity ?
5.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v5.3.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v5.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eObservable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\u003c/p\u003e"
}
],
"value": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:46:47.232Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
},
"title": "Observable Discrepancy in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0569",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
]
},
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0569",
"datePublished": "2022-02-12T23:55:09.000Z",
"dateReserved": "2022-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0178 (GCVE-0-2022-0178)
Vulnerability from cvelistv5 – Published: 2022-01-13 22:25 – Updated: 2024-08-02 23:18
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in snipe snipe/snipe-it.\u003cp\u003eThis issue affects snipe/snipe-i before 5.3.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:51:12.094Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
],
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0178",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snipe-it is vulnerable to Improper Access Control"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
]
},
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0178",
"datePublished": "2022-01-13T22:25:11.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0179 (GCVE-0-2022-0179)
Vulnerability from cvelistv5 – Published: 2022-01-12 00:00 – Updated: 2024-08-02 23:18
VLAI?
Title
Missing Authorization in snipe/snipe-it
Summary
snipe-it is vulnerable to Missing Authorization
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "snipe-it is vulnerable to Missing Authorization"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
},
{
"url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
}
],
"source": {
"advisory": "efdf2ead-f9d1-4767-9f02-d11f762d15e7",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0179",
"datePublished": "2022-01-12T00:00:00.000Z",
"dateReserved": "2022-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:41.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}