It was found that if a user is not having access to supplier module, he can access and view the supplier content.
https://demo.snipeitapp.com/suppliers/1
Just enumerate the number, and you will see the details
This vulnerability will help an attacker view restricted content.