漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Snipe-IT: Improper Privilege Management
Vulnerability Description
Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse result, allowing an administrator updating another administrator, or a user with users.edit updating a regular account, to remove the target’s administrative or granular permissions. This issue is fixed in version 8.6.0.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
Grokability Snipe-IT 权限许可和访问控制问题漏洞
Vulnerability Description
Grokability Snipe-IT是Grokability公司开源的一套开源IT资产/许可证管理系统。 Grokability Snipe-IT 8.6.0之前版本存在权限许可和访问控制问题漏洞,该漏洞源于权限许可和访问控制问题,攻击者可能利用该漏洞移除目标用户的管理员或详细权限。
CVSS Information
N/A
Vulnerability Type
N/A