Improper Privilege Management in Snipe-IT · CVE-2022-0611 · GitHub Advisory Database · GitHub

Improper Privilege Management in Snipe-IT

High severity GitHub Reviewed Published Feb 17, 2022 to the GitHub Advisory Database • Updated Jul 21, 2023

Package

snipe/snipe-it (Composer)

Affected versions

< 5.3.11

Patched versions

5.3.11

Description

An unprivileged user of Snipe-IT prior to version 5.3.11 can create maintenance for an asset. Version 5.3.11 contains a patch for this issue.

References

Published by the National Vulnerability Database

Feb 16, 2022

Published to the GitHub Advisory Database Feb 17, 2022

Reviewed Feb 25, 2022

Last updated Jul 21, 2023

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H