Описание
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| snipe-it | itp | package |
Связанные уязвимости
CVSS3: 7.6
nvd
больше 1 года назад
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
CVSS3: 8.1
github
больше 1 года назад
Snipe-IT allows users to promote or demote themselves or other users