CVE-2024-48987

Published October 11th, 2024

View on NVD ↗

CVSS v3

6.6

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.

grokability/snipe-it

A free open source IT asset/license management system

GitHub

13.9K