VYPR
High severityNVD Advisory· Published Jun 14, 2024· Updated Aug 1, 2024

Broken Function Level Authorization (BFLA) in snipe/snipe-it

CVE-2024-5685

Description

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
snipe/snipe-itPackagist
< 6.4.26.4.2

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.