php · snipe/snipe-it · Critical
Snipe-IT: Non-Admin Users with users.edit Permission Can Lock Out Admins
What changed
A vulnerability allows non-admin users with the `users.edit` permission to lock out all admins by editing the `activated` and `ldap_import` flags.
Who it affects
All Snipe-IT instances where non-admin users have been granted the `users.edit` permission.
What to do today
Apply the patch from commit 403f9c848b05274642f64450696bdcdc242a352a immediately.
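A field-level guard against the flaw class described above, as an added PHP example that is not Snipe-IT's code and not the contents of the referenced commit. The function name, array shapes and sample users are hypothetical; only `users.edit`, `activated` and `ldap_import` come from the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical sketch; not Snipe-IT's code or the referenced commit.
// Flags named in the advisory whose modification can lock an account out.
const PROTECTED_FLAGS = ['activated', 'ldap_import'];

/**
 * Return the subset of $requested that $actor may apply to $target.
 * Assumed shape for $actor and $target:
 *   ['id' => int, 'is_admin' => bool, 'permissions' => string[]]
 */
function filterUserUpdate(array $actor, array $target, array $requested): array
{
    // The actor needs users.edit (or admin rights) to edit anyone at all.
    if (!$actor['is_admin'] && !in_array('users.edit', $actor['permissions'], true)) {
        throw new RuntimeException('actor may not edit users');
    }

    // Holding users.edit alone must not allow changing lockout-capable
    // flags on an admin account: drop them server-side and log the attempt.
    if ($target['is_admin'] && !$actor['is_admin']) {
        $protected = array_flip(PROTECTED_FLAGS);
        $dropped = array_intersect_key($requested, $protected);
        if ($dropped !== []) {
            error_log(sprintf(
                'blocked change of [%s] on admin %d by non-admin %d',
                implode(',', array_keys($dropped)),
                $target['id'],
                $actor['id']
            ));
        }
        $requested = array_diff_key($requested, $protected);
    }

    return $requested;
}

// Constructed sample data.
$helpdesk = ['id' => 7, 'is_admin' => false, 'permissions' => ['users.edit']];
$admin    = ['id' => 1, 'is_admin' => true,  'permissions' => []];
$staff    = ['id' => 9, 'is_admin' => false, 'permissions' => []];
$payload  = ['first_name' => 'Alex', 'activated' => 0, 'ldap_import' => 1];

var_dump(filterUserUpdate($helpdesk, $admin, $payload)); // non-admin editing an admin
var_dump(filterUserUpdate($helpdesk, $staff, $payload)); // non-admin editing a non-admin
var_dump(filterUserUpdate($admin, $admin, $payload));    // admin editing an admin
```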