Tankerkiller125

Name of the Vulnerable Software and Affected Versions: HomeBox versions prior to 0.20.1 Description: The issue is related to a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item attachments that they do not own, potentially leading to unauthorized data manipulation or loss of critical inventory data. Recommendations: For versions prior to 0.20.1, upgrade to version 0.20.1 to resolve the issue. As a temporary mitigation measure, consider restricting access to the API endpoints responsible for updating and deleting inventory item attachments until the upgrade is applied.