GHSA-fhvv-p968-6vvj

Source

https://github.com/advisories/GHSA-fhvv-p968-6vvj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-fhvv-p968-6vvj/GHSA-fhvv-p968-6vvj.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-fhvv-p968-6vvj

Aliases

CVE-2022-3173

Published

2022-09-18T00:00:30Z

Modified

2023-11-01T04:59:04.139009Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Snipe-IT vulnerable to Improper Authentication

Details

Snipe-IT prior to 6.0.10 is vulnerable to Improper Authentication. A user without the View and Modify License Files permission may access files uploaded to licenses as long as they have the View permission for licenses.

Database specific

{
    "cwe_ids": [
        "CWE-287"
    ],
    "github_reviewed_at": "2022-09-20T18:19:21Z",
    "severity": "MODERATE",
    "nvd_published_at": "2022-09-17T07:15:00Z",
    "github_reviewed": true
}

References

Affected packages

Packagist / snipe/snipe-it

Package

Name: snipe/snipe-it
Purl: pkg:composer/snipe/snipe-it

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.10

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.3.0-alpha

v0.3.7-alpha

v0.3.8-alpha

v0.3.9-alpha

v0.3.10-alpha

v0.3.11-alpha

v1.*

v1.0

v1.1

v1.2.0

v1.2.1

v1.2.2

v1.2.3-beta

v1.2.3

v1.2.4-beta

v1.2.4

v1.2.5

v1.2.6-beta

v1.2.6

v1.2.6.1

v1.2.7-beta

v1.2.7

v1.2.8

v1.2.9

v1.2.10

v1.2.11

v2.*

v2.0-beta

v2.0-RC-1

v2.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.1.0

v2.1.1

v2.1.2

v3.*

v3.0-alpha

v3.0-alpha2

v3.0-beta.1

v3.0-beta.2

v3.0-beta.3

v3.0

v3.0.0-beta

v3.1.0

v3.3.0-beta

v3.3.0

v3.4

v3.4.0-alpha

v3.4.0-beta

v3.5.0-beta

v3.5.0-beta2

v3.5.0

v3.5.1

v3.5.2

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

3.*

3.2.0

Other

v4-beta3

v4-beta4

v4.*

v4.0-alpha

v4.0-alpha-2

v4.0-beta

v4.0-beta2

v4.0-beta5

v4.0-beta6

v4.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.0.10

v4.0.11

v4.0.12

v4.0.13

v4.0.14

v4.0.15

v4.1.0-beta

v4.1.0-beta2

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.1.10

v4.1.11

v4.1.12

v4.1.13

v4.1.14

v4.2.0

v4.3.0

v4.4.0

v4.4.1

v4.5.0

v4.6.0

v4.6.1

v4.6.2

v4.6.3

v4.6.4

v4.6.5

v4.6.6

v4.6.7

v4.6.8

v4.6.9

v4.6.10

v4.6.11

v4.6.12

v4.6.13

v4.6.14

v4.6.15

v4.6.16

v4.6.17

v4.6.18

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.7.4

v4.7.5

v4.7.6

v4.7.7

v4.7.8

v4.8.0

v4.9.0

v4.9.1

v4.9.2

v4.9.3

v4.9.4

v4.9.5

v5.*

v5.0.0-beta-1.0

v5.0.0-beta-1.1

v5.0.0-beta-2

v5.0.0-beta-3.0

v5.0.0-beta-4

v5.0.0-beta-5

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.0.10

v5.0.11

v5.0.12

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.1.5

v5.1.6

v5.1.7

v5.1.8

v5.2.0

v5.3.0

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.3.5

v5.3.6

v5.3.7

v5.3.8

v5.3.9

v5.3.10

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v6.*

v6.0.0-RC-1

v6.0.0-RC-2

v6.0.0-RC-3

v6.0.0-RC-4

v6.0.0-RC-5

v6.0.0-RC-6

v6.0.0-RC-7

v6.0.0-RC-8

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9