CVE-2024-51094
Published: 12 November 2024
Summary
CVE-2024-51094 is a high-severity Improper Neutralization of Formula Elements in a CSV File (CWE-1236) vulnerability in Snipeitapp Snipe-It. Its CVSS base score is 8.0 (High).
Operationally, it is ranked in the top 40.8% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-45285
Vulnerability details
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
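The weakness described under Vulnerability details (CWE-1236) is closed at export time by writing every cell as inert text. The following is an added example, not Snipe-IT's own code: the function names, the id/name/email columns and the sample rows are assumptions made for illustration, and the trigger characters follow the commonly cited OWASP CSV injection guidance.

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell as a formula
# (assumption: the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet could evaluate the cell instead of displaying it."""
    # Some spreadsheet applications skip leading spaces, so look past them.
    return value.lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Return the value as text, prefixing formula-like cells with an apostrophe."""
    text = "" if value is None else str(value)
    return "'" + text if is_formula_like(text) else text


def export_users_csv(users) -> str:
    """Write user rows to CSV with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["id", "name", "email"])
    for user in users:
        writer.writerow([neutralize_cell(user[k]) for k in ("id", "name", "email")])
    return buf.getvalue()


def audit_names(users):
    """List ids of stored profiles whose name would be evaluated on export."""
    return [u["id"] for u in users if is_formula_like(str(u["name"]))]


# Constructed sample rows; the formula-like names are benign placeholders.
SAMPLE_USERS = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.com"},
    {"id": 2, "name": "=1+1", "email": "bob@example.com"},
    {"id": 3, "name": "  @SUM(A1)", "email": "carol@example.com"},
    {"id": 4, "name": "O'Brien, Pat", "email": "pat@example.com"},
]

if __name__ == "__main__":
    print(export_users_csv(SAMPLE_USERS))
    print("profiles to review:", audit_names(SAMPLE_USERS))
```

The apostrophe prefix also lands on legitimate values such as negative numbers, so it belongs in the export path rather than in stored data. audit_names can be run over existing profiles to find names that were set before the export was hardened.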