[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Multiple vulnerabilities in Snipe-IT
From: Charalampos Maraziaris <cmaraziaris () census-labs ! com>
Date: 2022-12-23 18:42:51
Message-ID: 4f88c2cf-994b-6a33-66a5-07694d5032c5 () census-labs ! com
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
[Attachment #4 (text/plain)]
Hello all,
I have identified an XSS (CVE-2022-44380) and a user fingerprinting issue (CVE-2022-44381) in \
Snipe-IT versions prior to 6.0.14.
There's more information about these issues here:
https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/
The Snipe-IT project has patched CVE-2022-44380 in version 6.0.14, but CVE-2022-44381 has yet \
to be addressed correctly.
Best Regards,
Charalampos Maraziaris
["OpenPGP_signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic