Lucene search
GoogleOSV:GHSA-9VWF-54M9-GC4FHistoryDec 16, 2021 - 2:32 p.m.
snipe-it is vulnerable to Improper Access Control
2021-12-1614:32:39
Google
osv.dev
8
snipe-it
software
improper access control
EPSS
0.001
Percentile
21.4%
snipe-it prior to version 5.3.4 is vulnerable to Improper Access Control. Regular users with DENY set to all models permissions can still view model information via the /models/{id}/clone endpoint due to no authorize(‘view’) permission being set.
Related
veracode
veracode
Insecure Access Control
2021-12-13 05:24:17
nvd
nvd
CVE-2021-4089
2021-12-10 20:15:08
cnvd
cnvd
Snipe-IT Access Control Error Vulnerability
2021-12-14 00:00:00
prion
prion
Improper access control
2021-12-10 20:15:00
cvelist
cvelist
CVE-2021-4089 Improper Access Control in snipe/snipe-it
2021-12-10 19:15:11
huntr
huntr
Improper Access Control in snipe/snipe-it
2021-12-09 04:42:53
osv
osv
CVE-2021-4089
2021-12-10 20:15:08
cve
cve
CVE-2021-4089
2021-12-10 20:15:08
github
github
snipe-it is vulnerable to Improper Access Control
2021-12-16 14:32:39