oss-sec mailing list archives
Multiple vulnerabilities in Snipe-IT
From: Charalampos Maraziaris <cmaraziaris () census-labs com>
Date: Fri, 23 Dec 2022 20:42:51 +0200
Hello all, I have identified an XSS (CVE-2022-44380) and a user fingerprinting issue (CVE-2022-44381) in Snipe-IT versions prior to 6.0.14. There's more information about these issues here: https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/ The Snipe-IT project has patched CVE-2022-44380 in version 6.0.14, but CVE-2022-44381 has yet to be addressed correctly. Best Regards, Charalampos Maraziaris
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
Current thread:
- Multiple vulnerabilities in Snipe-IT Charalampos Maraziaris (Dec 23)