Incorrect Default Permissions and Improper Access Control in snipe-it · CVE-2022-0179 · GitHub Advisory Database · GitHub

Incorrect Default Permissions and Improper Access Control in snipe-it

Moderate severity GitHub Reviewed Published Jan 21, 2022 to the GitHub Advisory Database • Updated Jun 30, 2023

Package

snipe/snipe-it (Composer)

Affected versions

< 5.3.7

Patched versions

5.3.7

Description

snipe-it is vulnerable to Improper Access Control/Incorrect Default Permissions.

References

Published by the National Vulnerability Database

Jan 12, 2022

Reviewed Jan 18, 2022

Published to the GitHub Advisory Database Jan 21, 2022

Last updated Jun 30, 2023

Severity

Moderate

5.4

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N