Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for snipe-it by snipe

    CVE-2024-5685 (GCVE-0-2024-5685)

    Vulnerability from nvd – Published: 2024-06-14 09:54 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Broken Function Level Authorization (BFLA) in snipe/snipe-it
    Summary
    Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe-it Affected: v4.6.17 , ≤ v6.4.1 (custom)
    Create a notification for this product.
    snipeitapp snipe-it Affected: 4.6.17 , ≤ 6.4.1 (custom)
        cpe:2.3:a:snipeitapp:snipe-it:4.6.17:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-14 09:50
    Credits
    Davide Ferreira, Checkmarx Research Group
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:snipeitapp:snipe-it:4.6.17:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "snipe-it",
                "vendor": "snipeitapp",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.1",
                    "status": "affected",
                    "version": "4.6.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5685",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T19:05:09.437942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T19:09:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/pull/14745"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/releases/tag/v6.4.2"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-5685/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://advisory.checkmarx.net/?search=CVE-2024-5685"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe-it",
              "repo": "https://github.com/snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThanOrEqual": "v6.4.1",
                  "status": "affected",
                  "version": "v4.6.17",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Davide Ferreira, Checkmarx Research Group"
            }
          ],
          "datePublic": "2024-06-14T09:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users with \"User:edit\" and \"Self:api\" permissions\u0026nbsp;can promote or demote themselves or other users by performing changes to the group\u0027s memberships via API call.\u003cp\u003eThis issue affects snipe-it: from v4.6.17 through v6.4.1.\u003c/p\u003e"
                }
              ],
              "value": "Users with \"User:edit\" and \"Self:api\" permissions\u00a0can promote or demote themselves or other users by performing changes to the group\u0027s memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-19T09:06:46.798Z",
            "orgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
            "shortName": "Checkmarx"
          },
          "references": [
            {
              "url": "https://github.com/snipe/snipe-it/pull/14745"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/snipe/snipe-it/releases/tag/v6.4.2"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-5685/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://advisory.checkmarx.net/?search=CVE-2024-5685"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to version v6.4.2 to mitigate the issue.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update to version v6.4.2 to mitigate the issue."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken Function Level Authorization (BFLA) in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
        "assignerShortName": "Checkmarx",
        "cveId": "CVE-2024-5685",
        "datePublished": "2024-06-14T09:54:41.433Z",
        "dateReserved": "2024-06-06T14:26:24.960Z",
        "dateUpdated": "2024-08-01T21:18:06.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23064 (GCVE-0-2022-23064)

    Vulnerability from nvd – Published: 2022-05-02 12:30 – Updated: 2024-09-16 22:39
    VLAI
    Title
    Snipe-IT - Host Header Injection
    Summary
    In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe-it Affected: v3.0-alpha , < unspecified (custom)
    Affected: unspecified , ≤ v5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2022-05-01 00:00
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:43.275Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "v3.0-alpha",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "v5.3.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "datePublic": "2022-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-02T12:30:14.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade version to v5.3.8 or higher"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT - Host Header Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "DATE_PUBLIC": "2022-05-01T12:07:00.000Z",
              "ID": "CVE-2022-23064",
              "STATE": "PUBLIC",
              "TITLE": "Snipe-IT - Host Header Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "v3.0-alpha"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "v5.3.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade version to v5.3.8 or higher"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-23064",
        "datePublished": "2022-05-02T12:30:14.778Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:39:57.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5685 (GCVE-0-2024-5685)

    Vulnerability from cvelistv5 – Published: 2024-06-14 09:54 – Updated: 2024-08-01 21:18
    VLAI
    Title
    Broken Function Level Authorization (BFLA) in snipe/snipe-it
    Summary
    Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    snipe snipe-it Affected: v4.6.17 , ≤ v6.4.1 (custom)
    Create a notification for this product.
    snipeitapp snipe-it Affected: 4.6.17 , ≤ 6.4.1 (custom)
        cpe:2.3:a:snipeitapp:snipe-it:4.6.17:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-06-14 09:50
    Credits
    Davide Ferreira, Checkmarx Research Group
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:snipeitapp:snipe-it:4.6.17:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "snipe-it",
                "vendor": "snipeitapp",
                "versions": [
                  {
                    "lessThanOrEqual": "6.4.1",
                    "status": "affected",
                    "version": "4.6.17",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5685",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T19:05:09.437942Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T19:09:09.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:18:06.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/pull/14745"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/releases/tag/v6.4.2"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-5685/"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://advisory.checkmarx.net/?search=CVE-2024-5685"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "snipe-it",
              "repo": "https://github.com/snipe/snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThanOrEqual": "v6.4.1",
                  "status": "affected",
                  "version": "v4.6.17",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Davide Ferreira, Checkmarx Research Group"
            }
          ],
          "datePublic": "2024-06-14T09:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Users with \"User:edit\" and \"Self:api\" permissions\u0026nbsp;can promote or demote themselves or other users by performing changes to the group\u0027s memberships via API call.\u003cp\u003eThis issue affects snipe-it: from v4.6.17 through v6.4.1.\u003c/p\u003e"
                }
              ],
              "value": "Users with \"User:edit\" and \"Self:api\" permissions\u00a0can promote or demote themselves or other users by performing changes to the group\u0027s memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-19T09:06:46.798Z",
            "orgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
            "shortName": "Checkmarx"
          },
          "references": [
            {
              "url": "https://github.com/snipe/snipe-it/pull/14745"
            },
            {
              "url": "https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/snipe/snipe-it/releases/tag/v6.4.2"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://devhub.checkmarx.com/cve-details/CVE-2024-5685/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://advisory.checkmarx.net/?search=CVE-2024-5685"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to version v6.4.2 to mitigate the issue.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update to version v6.4.2 to mitigate the issue."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken Function Level Authorization (BFLA) in snipe/snipe-it",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
        "assignerShortName": "Checkmarx",
        "cveId": "CVE-2024-5685",
        "datePublished": "2024-06-14T09:54:41.433Z",
        "dateReserved": "2024-06-06T14:26:24.960Z",
        "dateUpdated": "2024-08-01T21:18:06.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-23064 (GCVE-0-2022-23064)

    Vulnerability from cvelistv5 – Published: 2022-05-02 12:30 – Updated: 2024-09-16 22:39
    VLAI
    Title
    Snipe-IT - Host Header Injection
    Summary
    In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    snipe snipe-it Affected: v3.0-alpha , < unspecified (custom)
    Affected: unspecified , ≤ v5.3.7 (custom)
    Create a notification for this product.
    Date Public
    2022-05-01 00:00
    Credits
    WhiteSource Vulnerability Research Team (WVR)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:28:43.275Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "snipe-it",
              "vendor": "snipe",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "v3.0-alpha",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "v5.3.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "WhiteSource Vulnerability Research Team (WVR)"
            }
          ],
          "datePublic": "2022-05-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-02T12:30:14.000Z",
            "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
            "shortName": "Mend"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade version to v5.3.8 or higher"
            }
          ],
          "source": {
            "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
            "discovery": "UNKNOWN"
          },
          "title": "Snipe-IT - Host Header Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
              "DATE_PUBLIC": "2022-05-01T12:07:00.000Z",
              "ID": "CVE-2022-23064",
              "STATE": "PUBLIC",
              "TITLE": "Snipe-IT - Host Header Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "snipe-it",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "v3.0-alpha"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "v5.3.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "snipe"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "WhiteSource Vulnerability Research Team (WVR)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc",
                  "refsource": "MISC",
                  "url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
                },
                {
                  "name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064",
                  "refsource": "MISC",
                  "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade version to v5.3.8 or higher"
              }
            ],
            "source": {
              "advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
        "assignerShortName": "Mend",
        "cveId": "CVE-2022-23064",
        "datePublished": "2022-05-02T12:30:14.778Z",
        "dateReserved": "2022-01-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:39:57.099Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }