List:       oss-security
Subject:    [oss-security] Multiple vulnerabilities in Snipe-IT
From:       Charalampos Maraziaris <cmaraziaris () census-labs ! com>
Date:       2022-12-23 18:42:51
Message-ID: 4f88c2cf-994b-6a33-66a5-07694d5032c5 () census-labs ! com

Hello all,

I have identified an XSS (CVE-2022-44380) and a user fingerprinting issue (CVE-2022-44381) in
Snipe-IT versions prior to 6.0.14.

There's more information about these issues here:
https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/

The Snipe-IT project has patched CVE-2022-44380 in version 6.0.14, but CVE-2022-44381 has yet
to be addressed correctly.

Best Regards,

Charalampos Maraziaris

