2 matches found
CVE-2022-3173 Improper Authentication in snipe/snipe-it
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10...
CVE-2022-3173
CVE-2022-3173 affects Snipe-IT prior to 6.0.10. The issue is improper authentication/authorization, allowing a user with only limited license-view permissions to access files uploaded to licenses and, per sources, to create API keys despite lacking permission. Documents indicate a remote authenti...