Security Advisory

CVE-2024-5685

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-06-14 09:54:41

Last updated 2024-08-01 21:18:06

Assigner Checkmarx

State PUBLISHED

Description

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the groups memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.

← Browse all CVEs View on cve.org ↗