Search
Find a vulnerability
Search criteria
4 vulnerabilities found for snipe-it by snipe
CVE-2024-5685 (GCVE-0-2024-5685)
Vulnerability from nvd – Published: 2024-06-14 09:54 – Updated: 2024-08-01 21:18
VLAI
Title
Broken Function Level Authorization (BFLA) in snipe/snipe-it
Summary
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/snipe/snipe-it/pull/14745 | |
| https://github.com/snipe/snipe-it/commit/34f1ea1c… | |
| https://github.com/snipe/snipe-it/releases/tag/v6.4.2 | release-notes |
| https://devhub.checkmarx.com/cve-details/CVE-2024-5685/ | third-party-advisory |
| https://advisory.checkmarx.net/?search=CVE-2024-5685 | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| snipe | snipe-it |
Affected:
v4.6.17 , ≤ v6.4.1
(custom)
|
|
| snipeitapp | snipe-it |
Affected:
4.6.17 , ≤ 6.4.1
(custom)
cpe:2.3:a:snipeitapp:snipe-it:4.6.17:*:*:*:*:*:*:* |
Date Public
2024-06-14 09:50
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:4.6.17:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThanOrEqual": "6.4.1",
"status": "affected",
"version": "4.6.17",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T19:05:09.437942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T19:09:09.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/pull/14745"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/releases/tag/v6.4.2"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-5685/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://advisory.checkmarx.net/?search=CVE-2024-5685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe-it",
"repo": "https://github.com/snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThanOrEqual": "v6.4.1",
"status": "affected",
"version": "v4.6.17",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Davide Ferreira, Checkmarx Research Group"
}
],
"datePublic": "2024-06-14T09:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users with \"User:edit\" and \"Self:api\" permissions\u0026nbsp;can promote or demote themselves or other users by performing changes to the group\u0027s memberships via API call.\u003cp\u003eThis issue affects snipe-it: from v4.6.17 through v6.4.1.\u003c/p\u003e"
}
],
"value": "Users with \"User:edit\" and \"Self:api\" permissions\u00a0can promote or demote themselves or other users by performing changes to the group\u0027s memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T09:06:46.798Z",
"orgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
"shortName": "Checkmarx"
},
"references": [
{
"url": "https://github.com/snipe/snipe-it/pull/14745"
},
{
"url": "https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/snipe/snipe-it/releases/tag/v6.4.2"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-5685/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://advisory.checkmarx.net/?search=CVE-2024-5685"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to version v6.4.2 to mitigate the issue.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update to version v6.4.2 to mitigate the issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Function Level Authorization (BFLA) in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
"assignerShortName": "Checkmarx",
"cveId": "CVE-2024-5685",
"datePublished": "2024-06-14T09:54:41.433Z",
"dateReserved": "2024-06-06T14:26:24.960Z",
"dateUpdated": "2024-08-01T21:18:06.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23064 (GCVE-0-2022-23064)
Vulnerability from nvd – Published: 2022-05-02 12:30 – Updated: 2024-09-16 22:39
VLAI
Title
Snipe-IT - Host Header Injection
Summary
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.
Severity
8.8 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/snipe/snipe-it/commit/0c4768fd… | x_refsource_MISC |
| https://www.whitesourcesoftware.com/vulnerability… | x_refsource_MISC |
Impacted products
Date Public
2022-05-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v3.0-alpha",
"versionType": "custom"
},
{
"lessThanOrEqual": "v5.3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"datePublic": "2022-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T12:30:14.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade version to v5.3.8 or higher"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "Snipe-IT - Host Header Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2022-05-01T12:07:00.000Z",
"ID": "CVE-2022-23064",
"STATE": "PUBLIC",
"TITLE": "Snipe-IT - Host Header Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v3.0-alpha"
},
{
"version_affected": "\u003c=",
"version_value": "v5.3.7"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade version to v5.3.8 or higher"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2022-23064",
"datePublished": "2022-05-02T12:30:14.778Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:39:57.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5685 (GCVE-0-2024-5685)
Vulnerability from cvelistv5 – Published: 2024-06-14 09:54 – Updated: 2024-08-01 21:18
VLAI
Title
Broken Function Level Authorization (BFLA) in snipe/snipe-it
Summary
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/snipe/snipe-it/pull/14745 | |
| https://github.com/snipe/snipe-it/commit/34f1ea1c… | |
| https://github.com/snipe/snipe-it/releases/tag/v6.4.2 | release-notes |
| https://devhub.checkmarx.com/cve-details/CVE-2024-5685/ | third-party-advisory |
| https://advisory.checkmarx.net/?search=CVE-2024-5685 | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| snipe | snipe-it |
Affected:
v4.6.17 , ≤ v6.4.1
(custom)
|
|
| snipeitapp | snipe-it |
Affected:
4.6.17 , ≤ 6.4.1
(custom)
cpe:2.3:a:snipeitapp:snipe-it:4.6.17:*:*:*:*:*:*:* |
Date Public
2024-06-14 09:50
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:4.6.17:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThanOrEqual": "6.4.1",
"status": "affected",
"version": "4.6.17",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T19:05:09.437942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T19:09:09.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/pull/14745"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/releases/tag/v6.4.2"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-5685/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://advisory.checkmarx.net/?search=CVE-2024-5685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe-it",
"repo": "https://github.com/snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThanOrEqual": "v6.4.1",
"status": "affected",
"version": "v4.6.17",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Davide Ferreira, Checkmarx Research Group"
}
],
"datePublic": "2024-06-14T09:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users with \"User:edit\" and \"Self:api\" permissions\u0026nbsp;can promote or demote themselves or other users by performing changes to the group\u0027s memberships via API call.\u003cp\u003eThis issue affects snipe-it: from v4.6.17 through v6.4.1.\u003c/p\u003e"
}
],
"value": "Users with \"User:edit\" and \"Self:api\" permissions\u00a0can promote or demote themselves or other users by performing changes to the group\u0027s memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T09:06:46.798Z",
"orgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
"shortName": "Checkmarx"
},
"references": [
{
"url": "https://github.com/snipe/snipe-it/pull/14745"
},
{
"url": "https://github.com/snipe/snipe-it/commit/34f1ea1c0ecd403047cd1327569ee391a7201cc1"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/snipe/snipe-it/releases/tag/v6.4.2"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-5685/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://advisory.checkmarx.net/?search=CVE-2024-5685"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to version v6.4.2 to mitigate the issue.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update to version v6.4.2 to mitigate the issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Function Level Authorization (BFLA) in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
"assignerShortName": "Checkmarx",
"cveId": "CVE-2024-5685",
"datePublished": "2024-06-14T09:54:41.433Z",
"dateReserved": "2024-06-06T14:26:24.960Z",
"dateUpdated": "2024-08-01T21:18:06.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23064 (GCVE-0-2022-23064)
Vulnerability from cvelistv5 – Published: 2022-05-02 12:30 – Updated: 2024-09-16 22:39
VLAI
Title
Snipe-IT - Host Header Injection
Summary
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.
Severity
8.8 (High)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/snipe/snipe-it/commit/0c4768fd… | x_refsource_MISC |
| https://www.whitesourcesoftware.com/vulnerability… | x_refsource_MISC |
Impacted products
Date Public
2022-05-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:43.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v3.0-alpha",
"versionType": "custom"
},
{
"lessThanOrEqual": "v5.3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"datePublic": "2022-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T12:30:14.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade version to v5.3.8 or higher"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "Snipe-IT - Host Header Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2022-05-01T12:07:00.000Z",
"ID": "CVE-2022-23064",
"STATE": "PUBLIC",
"TITLE": "Snipe-IT - Host Header Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v3.0-alpha"
},
{
"version_affected": "\u003c=",
"version_value": "v5.3.7"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/0c4768fd2a11ac26a61814cef23a71061bfd8bcc"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23064"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade version to v5.3.8 or higher"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2022-23064",
"datePublished": "2022-05-02T12:30:14.778Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:39:57.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}