CVE-2022-0579

MEDIUM6.5EPSS 0.30%

Improper Privilege Management in Snipe-IT

Published: 2/15/2022Modified: 2/16/2024

Description

Snipe-IT prior to 5.3.9 is vulnerable to improper privilege management. A user who does not have access to the supplier module may view supplier content.

Affected packages (1)

Packagist/snipe/snipe-itfrom 0, < 5.3.9

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0579
PATCHhttps://github.com/snipe/snipe-it
WEBhttps://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1
WEBhttps://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849