Search criteria
52 vulnerabilities found for snipe/snipe-it by snipe
CVE-2023-5511 (GCVE-0-2023-5511)
Vulnerability from cvelistv5 – Published: 2023-10-11 00:00 – Updated: 2024-09-18 15:52
VLAI?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
Severity ?
6.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v.6.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThan": "6.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5511",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:11:33.303055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:52:55.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v.6.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T00:00:19.827Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
},
{
"url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
}
],
"source": {
"advisory": "43206801-9862-48da-b379-e55e341d78bf",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5511",
"datePublished": "2023-10-11T00:00:19.827Z",
"dateReserved": "2023-10-11T00:00:06.888Z",
"dateUpdated": "2024-09-18T15:52:55.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5452 (GCVE-0-2023-5452)
Vulnerability from cvelistv5 – Published: 2023-10-06 19:27 – Updated: 2024-09-19 14:38
VLAI?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v6.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThan": "6.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5452",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:16:22.383104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:38:29.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v6.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T19:27:24.872Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
},
{
"url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
}
],
"source": {
"advisory": "d6ed5ac1-2ad6-45fd-9492-979820bf60c8",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5452",
"datePublished": "2023-10-06T19:27:24.872Z",
"dateReserved": "2023-10-06T19:27:11.788Z",
"dateUpdated": "2024-09-19T14:38:29.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3173 (GCVE-0-2022-3173)
Vulnerability from cvelistv5 – Published: 2022-09-17 06:50 – Updated: 2024-08-03 01:00
VLAI?
Summary
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
Severity ?
4.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 6.0.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-17T06:50:08",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
],
"source": {
"advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"discovery": "EXTERNAL"
},
"title": "Improper Authentication in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3173",
"STATE": "PUBLIC",
"TITLE": "Improper Authentication in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"name": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
]
},
"source": {
"advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3173",
"datePublished": "2022-09-17T06:50:08",
"dateReserved": "2022-09-12T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3035 (GCVE-0-2022-3035)
Vulnerability from cvelistv5 – Published: 2022-08-29 19:35 – Updated: 2024-08-03 01:00
VLAI?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v6.0.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v6.0.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T19:35:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
],
"source": {
"advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3035",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v6.0.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"name": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
]
},
"source": {
"advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3035",
"datePublished": "2022-08-29T19:35:09",
"dateReserved": "2022-08-29T00:00:00",
"dateUpdated": "2024-08-03T01:00:09.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2997 (GCVE-0-2022-2997)
Vulnerability from cvelistv5 – Published: 2022-08-25 20:30 – Updated: 2024-08-03 00:53
VLAI?
Summary
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
Severity ?
4.6 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 6.0.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T20:30:16",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
],
"source": {
"advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"discovery": "EXTERNAL"
},
"title": "Session Fixation in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2997",
"STATE": "PUBLIC",
"TITLE": "Session Fixation in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"name": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
]
},
"source": {
"advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2997",
"datePublished": "2022-08-25T20:30:17",
"dateReserved": "2022-08-25T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1511 (GCVE-0-2022-1511)
Vulnerability from cvelistv5 – Published: 2022-04-28 00:00 – Updated: 2024-08-03 00:03
VLAI?
Summary
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.4.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
},
{
"url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
}
],
"source": {
"advisory": "4a1723e9-5bc4-4c4b-bceb-1c45964cc71d",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1511",
"datePublished": "2022-04-28T00:00:00",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1445 (GCVE-0-2022-1445)
Vulnerability from cvelistv5 – Published: 2022-04-24 14:30 – Updated: 2024-08-03 00:03
VLAI?
Summary
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.4.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-24T14:30:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
],
"source": {
"advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1445",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.4.3"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"name": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
]
},
"source": {
"advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1445",
"datePublished": "2022-04-24T14:30:12",
"dateReserved": "2022-04-24T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1380 (GCVE-0-2022-1380)
Vulnerability from cvelistv5 – Published: 2022-04-16 11:30 – Updated: 2024-08-03 00:03
VLAI?
Summary
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
Severity ?
9.1 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v5.4.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-16T11:30:20",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
],
"source": {
"advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1380",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v5.4.3"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"name": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
]
},
"source": {
"advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1380",
"datePublished": "2022-04-16T11:30:20",
"dateReserved": "2022-04-15T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1155 (GCVE-0-2022-1155)
Vulnerability from cvelistv5 – Published: 2022-03-30 12:20 – Updated: 2024-08-02 23:55
VLAI?
Summary
Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.
Severity ?
7.4 (High)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T12:20:14",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
],
"source": {
"advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
"discovery": "EXTERNAL"
},
"title": "Old sessions are not blocked by the login enable function. in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1155",
"STATE": "PUBLIC",
"TITLE": "Old sessions are not blocked by the login enable function. in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"name": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
]
},
"source": {
"advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1155",
"datePublished": "2022-03-30T12:20:14",
"dateReserved": "2022-03-29T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0622 (GCVE-0-2022-0622)
Vulnerability from cvelistv5 – Published: 2022-02-17 02:05 – Updated: 2024-08-02 23:32
VLAI?
Summary
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T02:05:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
],
"source": {
"advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
"discovery": "EXTERNAL"
},
"title": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0622",
"STATE": "PUBLIC",
"TITLE": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Generation of Error Message Containing Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"name": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
]
},
"source": {
"advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0622",
"datePublished": "2022-02-17T02:05:11",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0611 (GCVE-0-2022-0611)
Vulnerability from cvelistv5 – Published: 2022-02-15 23:30 – Updated: 2024-08-02 23:32
VLAI?
Summary
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\u003c/p\u003e"
}
],
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:44:29.245Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
],
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0611",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
]
},
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0611",
"datePublished": "2022-02-15T23:30:11",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0579 (GCVE-0-2022-0579)
Vulnerability from cvelistv5 – Published: 2022-02-14 19:00 – Updated: 2024-08-02 23:32
VLAI?
Summary
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\u003c/p\u003e"
}
],
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:46:12.021Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
],
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0579",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
]
},
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0579",
"datePublished": "2022-02-14T19:00:10",
"dateReserved": "2022-02-13T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0569 (GCVE-0-2022-0569)
Vulnerability from cvelistv5 – Published: 2022-02-12 23:55 – Updated: 2024-08-02 23:32
VLAI?
Summary
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
Severity ?
5.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v5.3.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v5.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eObservable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\u003c/p\u003e"
}
],
"value": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:46:47.232Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
},
"title": "Observable Discrepancy in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0569",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
]
},
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0569",
"datePublished": "2022-02-12T23:55:09",
"dateReserved": "2022-02-11T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0178 (GCVE-0-2022-0178)
Vulnerability from cvelistv5 – Published: 2022-01-13 22:25 – Updated: 2024-08-02 23:18
VLAI?
Summary
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in snipe snipe/snipe-it.\u003cp\u003eThis issue affects snipe/snipe-i before 5.3.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:51:12.094Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
],
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0178",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snipe-it is vulnerable to Improper Access Control"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
]
},
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0178",
"datePublished": "2022-01-13T22:25:11",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0179 (GCVE-0-2022-0179)
Vulnerability from cvelistv5 – Published: 2022-01-12 00:00 – Updated: 2024-08-02 23:18
VLAI?
Summary
snipe-it is vulnerable to Missing Authorization
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "snipe-it is vulnerable to Missing Authorization"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
},
{
"url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
}
],
"source": {
"advisory": "efdf2ead-f9d1-4767-9f02-d11f762d15e7",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0179",
"datePublished": "2022-01-12T00:00:00",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5511 (GCVE-0-2023-5511)
Vulnerability from nvd – Published: 2023-10-11 00:00 – Updated: 2024-09-18 15:52
VLAI?
Summary
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
Severity ?
6.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v.6.2.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThan": "6.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5511",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:11:33.303055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:52:55.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v.6.2.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T00:00:19.827Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf"
},
{
"url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed"
}
],
"source": {
"advisory": "43206801-9862-48da-b379-e55e341d78bf",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5511",
"datePublished": "2023-10-11T00:00:19.827Z",
"dateReserved": "2023-10-11T00:00:06.888Z",
"dateUpdated": "2024-09-18T15:52:55.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5452 (GCVE-0-2023-5452)
Vulnerability from nvd – Published: 2023-10-06 19:27 – Updated: 2024-09-19 14:38
VLAI?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v6.2.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snipe-it",
"vendor": "snipeitapp",
"versions": [
{
"lessThan": "6.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5452",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:16:22.383104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:38:29.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v6.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T19:27:24.872Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8"
},
{
"url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a"
}
],
"source": {
"advisory": "d6ed5ac1-2ad6-45fd-9492-979820bf60c8",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5452",
"datePublished": "2023-10-06T19:27:24.872Z",
"dateReserved": "2023-10-06T19:27:11.788Z",
"dateUpdated": "2024-09-19T14:38:29.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3173 (GCVE-0-2022-3173)
Vulnerability from nvd – Published: 2022-09-17 06:50 – Updated: 2024-08-03 01:00
VLAI?
Summary
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
Severity ?
4.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 6.0.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-17T06:50:08",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
],
"source": {
"advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"discovery": "EXTERNAL"
},
"title": "Improper Authentication in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3173",
"STATE": "PUBLIC",
"TITLE": "Improper Authentication in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9"
},
{
"name": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/dcab1381e7ee0b7fd1df3a34750dbff4b79185b2"
}
]
},
"source": {
"advisory": "6d8ffcc6-c6e3-4385-8ead-bdbbbacf79e9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3173",
"datePublished": "2022-09-17T06:50:08",
"dateReserved": "2022-09-12T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3035 (GCVE-0-2022-3035)
Vulnerability from nvd – Published: 2022-08-29 19:35 – Updated: 2024-08-03 01:00
VLAI?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v6.0.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v6.0.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T19:35:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
],
"source": {
"advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3035",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v6.0.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0bbb1046-ea9e-4cb9-bc91-b294a72d1902"
},
{
"name": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/9cf5f30c77df6ab60baab1c0e6bb0b4e773f0eae"
}
]
},
"source": {
"advisory": "0bbb1046-ea9e-4cb9-bc91-b294a72d1902",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3035",
"datePublished": "2022-08-29T19:35:09",
"dateReserved": "2022-08-29T00:00:00",
"dateUpdated": "2024-08-03T01:00:09.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2997 (GCVE-0-2022-2997)
Vulnerability from nvd – Published: 2022-08-25 20:30 – Updated: 2024-08-03 00:53
VLAI?
Summary
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
Severity ?
4.6 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 6.0.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T20:30:16",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
],
"source": {
"advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"discovery": "EXTERNAL"
},
"title": "Session Fixation in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2997",
"STATE": "PUBLIC",
"TITLE": "Session Fixation in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.0.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/c09bf21b-50d2-49f0-8c92-49f6b3c358d8"
},
{
"name": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/6fde72a69335c80079363b7d26aa94e7f67400e1"
}
]
},
"source": {
"advisory": "c09bf21b-50d2-49f0-8c92-49f6b3c358d8",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2997",
"datePublished": "2022-08-25T20:30:17",
"dateReserved": "2022-08-25T00:00:00",
"dateUpdated": "2024-08-03T00:53:00.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1511 (GCVE-0-2022-1511)
Vulnerability from nvd – Published: 2022-04-28 00:00 – Updated: 2024-08-03 00:03
VLAI?
Summary
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.4.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4a1723e9-5bc4-4c4b-bceb-1c45964cc71d"
},
{
"url": "https://github.com/snipe/snipe-it/commit/2e9cf8fa87a025c0eac9f79f4864b3fdd33a950c"
}
],
"source": {
"advisory": "4a1723e9-5bc4-4c4b-bceb-1c45964cc71d",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1511",
"datePublished": "2022-04-28T00:00:00",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1445 (GCVE-0-2022-1445)
Vulnerability from nvd – Published: 2022-04-24 14:30 – Updated: 2024-08-03 00:03
VLAI?
Summary
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
Severity ?
9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.4.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-24T14:30:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
],
"source": {
"advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1445",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.4.3"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd"
},
{
"name": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41"
}
]
},
"source": {
"advisory": "f4420149-5236-4051-a458-5d4f1d5b7abd",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1445",
"datePublished": "2022-04-24T14:30:12",
"dateReserved": "2022-04-24T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1380 (GCVE-0-2022-1380)
Vulnerability from nvd – Published: 2022-04-16 11:30 – Updated: 2024-08-03 00:03
VLAI?
Summary
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
Severity ?
9.1 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v5.4.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v5.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-16T11:30:20",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
],
"source": {
"advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
"discovery": "EXTERNAL"
},
"title": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1380",
"STATE": "PUBLIC",
"TITLE": "Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v5.4.3"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12"
},
{
"name": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9"
}
]
},
"source": {
"advisory": "3d45cfca-3a72-4578-b735-98837b998a12",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1380",
"datePublished": "2022-04-16T11:30:20",
"dateReserved": "2022-04-15T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1155 (GCVE-0-2022-1155)
Vulnerability from nvd – Published: 2022-03-30 12:20 – Updated: 2024-08-02 23:55
VLAI?
Summary
Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.
Severity ?
7.4 (High)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T12:20:14",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
],
"source": {
"advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
"discovery": "EXTERNAL"
},
"title": "Old sessions are not blocked by the login enable function. in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1155",
"STATE": "PUBLIC",
"TITLE": "Old sessions are not blocked by the login enable function. in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.10"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-840 Business Logic Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1"
},
{
"name": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d"
}
]
},
"source": {
"advisory": "ebc26354-2414-4f72-88aa-f044aec2b2e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1155",
"datePublished": "2022-03-30T12:20:14",
"dateReserved": "2022-03-29T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0622 (GCVE-0-2022-0622)
Vulnerability from nvd – Published: 2022-02-17 02:05 – Updated: 2024-08-02 23:32
VLAI?
Summary
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T02:05:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
],
"source": {
"advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
"discovery": "EXTERNAL"
},
"title": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0622",
"STATE": "PUBLIC",
"TITLE": "Generation of Error Message Containing Sensitive Information in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Generation of Error Message Containing Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a"
},
{
"name": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2"
}
]
},
"source": {
"advisory": "4ed99dab-5319-4b6b-919a-84a9acd0061a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0622",
"datePublished": "2022-02-17T02:05:11",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0611 (GCVE-0-2022-0611)
Vulnerability from nvd – Published: 2022-02-15 23:30 – Updated: 2024-08-02 23:32
VLAI?
Summary
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\u003c/p\u003e"
}
],
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:44:29.245Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
],
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0611",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.11"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.11."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439"
}
]
},
"source": {
"advisory": "7b7447fc-f1b0-446c-b016-ee3f6511010b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0611",
"datePublished": "2022-02-15T23:30:11",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0579 (GCVE-0-2022-0579)
Vulnerability from nvd – Published: 2022-02-14 19:00 – Updated: 2024-08-02 23:32
VLAI?
Summary
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\u003c/p\u003e"
}
],
"value": "Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:46:12.021Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
],
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0579",
"STATE": "PUBLIC",
"TITLE": "Improper Privilege Management in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849"
},
{
"name": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1"
}
]
},
"source": {
"advisory": "70a99cf4-3241-4ffc-b9ed-5c54932f3849",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0579",
"datePublished": "2022-02-14T19:00:10",
"dateReserved": "2022-02-13T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0569 (GCVE-0-2022-0569)
Vulnerability from nvd – Published: 2022-02-12 23:55 – Updated: 2024-08-02 23:32
VLAI?
Summary
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
Severity ?
5.3 (Medium)
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < v5.3.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "v5.3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eObservable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\u003c/p\u003e"
}
],
"value": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:46:47.232Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
],
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
},
"title": "Observable Discrepancy in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0569",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v5.3.9"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist snipe/snipe-it prior to v5.3.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b41d5e63-bcd8-4864-8a2e-8ec74eec520b"
},
{
"name": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/05c0819776b07425b2831cd31a8a0f4e7ac30c09"
}
]
},
"source": {
"advisory": "b41d5e63-bcd8-4864-8a2e-8ec74eec520b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0569",
"datePublished": "2022-02-12T23:55:09",
"dateReserved": "2022-02-11T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0178 (GCVE-0-2022-0178)
Vulnerability from nvd – Published: 2022-01-13 22:25 – Updated: 2024-08-02 23:18
VLAI?
Summary
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in snipe snipe/snipe-it.\u003cp\u003eThis issue affects snipe/snipe-i before 5.3.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:51:12.094Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
],
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0178",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in snipe/snipe-it"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "snipe/snipe-it",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.8"
}
]
}
}
]
},
"vendor_name": "snipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "snipe-it is vulnerable to Improper Access Control"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368"
},
{
"name": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0",
"refsource": "MISC",
"url": "https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0"
}
]
},
"source": {
"advisory": "81c6b974-d0b3-410b-a902-8324a55b1368",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0178",
"datePublished": "2022-01-13T22:25:11",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0179 (GCVE-0-2022-0179)
Vulnerability from nvd – Published: 2022-01-12 00:00 – Updated: 2024-08-02 23:18
VLAI?
Summary
snipe-it is vulnerable to Missing Authorization
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| snipe | snipe/snipe-it |
Affected:
unspecified , < 5.3.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "snipe/snipe-it",
"vendor": "snipe",
"versions": [
{
"lessThan": "5.3.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "snipe-it is vulnerable to Missing Authorization"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7"
},
{
"url": "https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2e"
}
],
"source": {
"advisory": "efdf2ead-f9d1-4767-9f02-d11f762d15e7",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in snipe/snipe-it"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0179",
"datePublished": "2022-01-12T00:00:00",
"dateReserved": "2022-01-11T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}