PT-2022-13275 · Snipe-It · Snipe-It
Published
2022-02-14
·
Updated
2023-08-02
·
CVE-2022-0579
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Snipe-IT versions prior to 5.3.9
Description
The issue concerns improper privilege management, allowing a user without access to the supplier module to view supplier content.
Recommendations
For versions prior to 5.3.9, update to version 5.3.9 or later to resolve the issue.
Exploit
Fix
Improper Privilege Management
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Snipe-It