4 matches found
CVE-2021-4089
snipe-it is vulnerable to Improper Access Control...
CVE-2021-4089
snipe-it is vulnerable to Improper Access Control...
CVE-2021-4089
snipe-it is vulnerable to Improper Access Control...
CVE-2021-4089
Snipe-IT is affected by an Improper Access Control vulnerability (CVE-2021-4089) affecting versions prior to 5.3.4. The issue arises because regular users with DENY to all models permissions can still view model data via the /models/{id}/clone endpoint due to missing authorize('view') checks. Imp...