CVE-2022-0579

描述

Snipe-IT prior to 5.3.9 is vulnerable to improper privilege management. A user who does not have access to the supplier module may view supplier content.

受影響套件(1)

• Packagist/snipe/snipe-itfrom 0, < 5.3.9

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0579
• PATCHhttps://github.com/snipe/snipe-it
• WEBhttps://github.com/snipe/snipe-it/commit/db0c0e790892db874573d95f8ae4268b8a011ab1
• WEBhttps://huntr.dev/bounties/70a99cf4-3241-4ffc-b9ed-5c54932f3849