Business Logic Errors

2022-03-3108:24:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

31.9%

JSON

snipe/snipe-it is vulnerable to business logic errors. The vulnerability exists in the handle function of Authenticate.php because login enable does not block the old session which allows a malicious user to exploit the flaw and leak data.

CPENameOperatorVersion
snipe/snipe-itlev5.4.1
snipe/snipe-itlev5.4.1

CPE	Name	Operator	Version
	snipe/snipe-it	le	v5.4.1
	snipe/snipe-it	le	v5.4.1

References

github.com/advisories/GHSA-636j-7x7r-gvw2

github.com/snipe/snipe-it/commit/bdabbbd4e98e88ee01e728ceb4fd512661fbd38d

github.com/snipe/snipe-it/pull/10876

huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1

huntr.dev/bounties/ebc26354-2414-4f72-88aa-f044aec2b2e1/

0.001 Low

EPSS

Percentile

31.9%

JSON

Related for VERACODE:34892