Lucene search
Veracode Vulnerability DatabaseVERACODE:34261HistoryFeb 17, 2022 - 7:03 a.m.
Privilege Escalation
2022-02-1707:03:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
41.2%
snipe/snipe-it is vulnerable to privilege escalation. The vulnerability exists in AssetMaintenancesController.php and AssetMaintenancesController.php due to missing edit / delete Asset gates which allows an unauthenticated user to create maintenance for asset.
| CPE | Name | Operator | Version |
|---|---|---|---|
| snipe/snipe-it | le | v5.3.10 | |
| snipe/snipe-it | le | v5.3.10 |
References
github.com/advisories/GHSA-j57w-3c39-gpp5
github.com/snipe/snipe-it/blob/master/app/Http/Controllers/AssetMaintenancesController.php#L6-L307
github.com/snipe/snipe-it/blob/master/app/Http/Controllers/AssetModelsController.php#L20-L480
github.com/snipe/snipe-it/commit/321be4733d3997fc738f0118e1b9af5905f95439
github.com/snipe/snipe-it/pull/10672
huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b
huntr.dev/bounties/7b7447fc-f1b0-446c-b016-ee3f6511010b/
Related
cnvd
cnvd
snipe-it elevation of privilege vulnerability
2022-02-17 00:00:00
osv
osv
CVE-2022-0611
2022-02-16 00:15:07
Improper Privilege Management in Snipe-IT
2022-02-17 00:00:35
cve
cve
CVE-2022-0611
2022-02-16 00:15:07
prion
prion
Authorization
2022-02-16 00:15:00
cvelist
cvelist
CVE-2022-0611 Missing Authorization in snipe/snipe-it
2022-02-15 23:30:11
huntr
huntr
Improper Privilege Management in snipe/snipe-it
2022-02-10 15:54:06
github
github
Improper Privilege Management in Snipe-IT
2022-02-17 00:00:35
nvd
nvd
CVE-2022-0611
2022-02-16 00:15:07