snipe/snipe-it
Snipe-IT Missing Authorization Check in /api/v1/{object}/selectlist Exposes User Data
The GET /api/v1/{object}/selectlist API endpoint is missing an authorization check, allowing any authenticated user to retrieve a
Snipe-IT Privilege Escalation via PATCH /api/v1/users/{id}
A privilege escalation vulnerability allows users with only users.
Snipe-IT 2FA Endpoint Lacks Rate Limiting and Allows Bypass
POST /two-factor endpoint has no rate limiting, lockout, or attempt counter, enabling unlimited TOTP guesses.
Snipe-IT CSV Import Authorization Bypass in Update Mode
CSV user import in update mode bypasses user-edit authorization, allowing users with only import permission to overwrite non-admin
Snipe-IT: Privilege escalation via two-factor reset by editors
A user with edit permissions on other users can reset a superadmin's two-factor authentication.
snipe-it: Company ID bypass in BulkAssetsController::update()
BulkAssetsController::update() accepts company_id directly from user input without Company::getIdForCurrentUser(), allowing non-su
snipe-it: Admin privilege escalation via UsersController store()
The store() method in UsersController (web and API) does not strip admin permission when creating a user, allowing escalation to a
Snipe-IT 8.4.0 IDOR Vulnerability Allows Unauthorized File Deletion
A class-level authorization check in the file deletion endpoint allows any authenticated user with generic asset edit permissions
Snipe-IT S3 Signature Image Authorization Bypass
Snipe-IT S3 signature image retrieval lacks authorization before temporary URL.
Snipe-IT: Non-Admin Users with users.edit Permission Can Lock Out Admins
A vulnerability allows non-admin users with the `users.
Snipe-IT Accessories API Cross-Tenant Data Injection (FMCS)
A cross-tenant data injection vulnerability was identified in the Snipe-IT Accessories API when Full Multiple Companies Support (F