CVE-2024-5685

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-5685
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5685.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-5685
Aliases
Published
2024-06-14T10:15:10.817Z
Modified
2025-12-09T12:05:25.911523Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.

References

Affected packages

Git / github.com/grokability/snipe-it

Affected ranges

Type
GIT
Repo
https://github.com/grokability/snipe-it
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
34f1ea1c0ecd403047cd1327569ee391a7201cc1
Fixed
986d5641f64b72ea86c288c24069512db672d191

Affected versions

3.*

3.2.0

5.*

5.1.7

V5.*

V5.4.0

v3.*

v3.0
v3.0-alpha
v3.0-alpha2
v3.0-beta.1
v3.0-beta.2
v3.0-beta.3
v3.0.0-beta
v3.1.0
v3.3.0
v3.3.0-beta
v3.4
v3.4.0-alpha
v3.4.0-beta
v3.5.0
v3.5.0-beta
v3.5.0-beta2
v3.5.1
v3.5.2
v3.6.0
v3.6.0-pre
v3.6.1
v3.6.1-pre
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6

Other

v4-beta3
v4-beta4

v4.*

v4.0
v4.0-alpha
v4.0-alpha-2
v4.0-beta
v4.0-beta2
v4.0-beta5
v4.0-beta6
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-beta
v4.1.0-beta2
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.5.0
v4.6.0
v4.6.1
v4.6.10
v4.6.11
v4.6.12
v4.6.13
v4.6.14
v4.6.15
v4.6.16
v4.6.17
v4.6.18
v4.6.2
v4.6.3
v4.6.4
v4.6.5
v4.6.6
v4.6.7
v4.6.8
v4.6.9
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.7
v4.7.8
v4.8.0
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v4.9.5

v5.*

v5.0.0
v5.0.0-beta-1.0
v5.0.0-beta-1.1
v5.0.0-beta-2
v5.0.0-beta-3.0
v5.0.0-beta-4
v5.0.0-beta-5
v5.0.0-beta-6-GM
v5.0.0-beta-7-GM
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.2.0
v5.3.0
v5.3.1
v5.3.10
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4

v6.*

v6.0.0
v6.0.0-GM
v6.0.0-RC-1
v6.0.0-RC-2
v6.0.0-RC-3
v6.0.0-RC-4
v6.0.0-RC-5
v6.0.0-RC-6
v6.0.0-RC-7
v6.0.0-RC-8
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1.0
v6.1.0-pre
v6.1.1
v6.1.2
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.3.0
v6.3.1
v6.3.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5685.json"

Git / github.com/snipe/snipe-it

Affected ranges

Type
GIT
Repo
https://github.com/snipe/snipe-it
Events
Introduced
33b59d7bed2a2dc24a285ec29530af327c5c108d
Fixed
986d5641f64b72ea86c288c24069512db672d191

Affected versions

5.*

5.1.7

V5.*

V5.4.0

v4.*

v4.6.17
v4.6.18
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.7
v4.7.8
v4.8.0
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v4.9.5

v5.*

v5.0.0
v5.0.0-beta-1.0
v5.0.0-beta-1.1
v5.0.0-beta-2
v5.0.0-beta-3.0
v5.0.0-beta-4
v5.0.0-beta-5
v5.0.0-beta-6-GM
v5.0.0-beta-7-GM
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.2.0
v5.3.0
v5.3.1
v5.3.10
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4

v6.*

v6.0.0
v6.0.0-GM
v6.0.0-RC-1
v6.0.0-RC-2
v6.0.0-RC-3
v6.0.0-RC-4
v6.0.0-RC-5
v6.0.0-RC-6
v6.0.0-RC-7
v6.0.0-RC-8
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v6.1.0
v6.1.0-pre
v6.1.1
v6.1.2
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.4.0
v6.4.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5685.json"