snipe/snipe-it is vulnerable to privilege escalation. The vulnerability exists in AssetMaintenancesController.php
and AssetMaintenancesController.php
due to missing edit / delete Asset gates which allows an unauthenticated user to create maintenance for asset.
CPE | Name | Operator | Version |
---|---|---|---|
snipe/snipe-it | le | v5.3.10 | |
snipe/snipe-it | le | v5.3.10 |
github.com/advisories/GHSA-j57w-3c39-gpp5
github.com/snipe/snipe-it/blob/master/app/Http/Controllers/AssetMaintenancesController.php#L6-L307
github.com/snipe/snipe-it/blob/master/app/Http/Controllers/AssetModelsController.php#L20-L480
github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439
github.com/snipe/snipe-it/pull/10672
huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b
huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b/