php · snipe/snipe-it · Heads-up
Snipe-IT: Privilege escalation via two-factor reset by editors
What changed
A user with edit permissions on other users can reset a superadmin's two-factor authentication.
Who it affects
Snipe-IT instances where users have edit permissions on other users, which can allow privilege escalation.
What to do today
Upgrade to version 8.5.0 or later to patch the vulnerability.