EPSS
Percentile
35.0%
snipe/snipe-it is vulnerable to information exposure. The vulnerability exists in the sendResetLinkEmail function in the ForgotPasswordController.php file, allowing an attacker to read sensitive information in the system.
sendResetLinkEmail
ForgotPasswordController.php
github.com/advisories/GHSA-pwwm-pwx2-2hw7
github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2
github.com/snipe/snipe-it/pull/10679
huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a