PT-2022-13297 · Snipe-It · Snipe-It

Published: 2022-02-15 · Updated: 2023-08-02 · CVE-2022-0611

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 5.3.11

Description: The issue concerns improper privilege management, allowing an unprivileged user to create maintenance for an asset. This can be exploited due to missing authorization in the software. Version 5.3.11 contains a patch for this issue.

Recommendations: For versions prior to 5.3.11, update to version 5.3.11 to resolve the issue. As a temporary workaround, consider restricting access to maintenance creation for unprivileged users until the patch is applied.

Exploit

Fix

Improper Privilege Management

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-0611
GHSA-J57W-3C39-GPP5

Affected Products

Snipe-It