CVE-2022-0178
MEDIUM 5.4
EPSS 0.21%
Improper Access Control in snipe-it
Published: 1/26/2022
Modified: 2/16/2024
Description
Users with no system permissions are able to see and create personal access tokens
Affected packages (1)
- Packagist/snipe/snipe-it from 0, < 5.3.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-0178
- PATCH: https://github.com/snipe/snipe-it
- WEB: https://github.com/snipe/snipe-it/commit/0e5ef53c352754de2778ffa20c85da15fd6f7ae0
- WEB: https://github.com/snipe/snipe-it/commit/512dbfee7acfcafa1524c8b2fb4cc4ef96958d0b
- WEB: https://huntr.dev/bounties/81c6b974-d0b3-410b-a902-8324a55b1368