Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
The vulnerability results from insufficient validation of uploaded backup files (CWE-434 — unrestricted upload of file with dangerous type). An authenticated attacker uploads a malicious backup file containing arbitrary files that, after processing by the application, are placed on the server. Subsequently, the attacker is able to execute arbitrary system commands in the context of the application server process. The attack vector is network-based, requires no victim interaction, and does not require high privileges (a regular user account is sufficient).
An attacker can gain full control of the server, including access to sensitive data (C:H), modification or deletion of data (I:H), and prevention of system operation (A:H). Due to the changed scope (S:C), the impact may extend beyond the Snipe-IT application itself and include other systems in the environment.
Snipe-IT should be immediately updated to version 8.3.3 or later, available at: https://github.com/grokability/snipe-it/releases/tag/v8.3.3. The fix was introduced as part of pull request #17966 in the official project repository.
Snipe-IT (Snipeitapp Snipe-IT) in all versions before 8.3.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HSnipeitapp Snipe It
APPSnipeitapp< 8.3.3
Related vulnerabilities
RCE w Snipe-IT — Insecure Permissions w API uploadu plików
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-adm...
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit...
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insu...
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious...