GHSA-fhvv-p968-6vvj

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-fhvv-p968-6vvj/GHSA-fhvv-p968-6vvj.json
Aliases
  • CVE-2022-3173
Published
2022-09-18T00:00:30Z
Modified
2022-09-22T17:56:32.519730Z
Details

Snipe-IT prior to 6.0.10 is vulnerable to Improper Authentication. A user without the View and Modify License Files permission may access files uploaded to licenses as long as they have the View permission for licenses.

References

Affected packages

Packagist / snipe/snipe-it

snipe/snipe-it

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
6.0.10

Affected versions

3.*

3.2.0

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.2.0
v0.3.0-alpha
v0.3.10-alpha
v0.3.11-alpha
v0.3.7-alpha
v0.3.8-alpha
v0.3.9-alpha

v1.*

v1.0
v1.1
v1.2.0
v1.2.1
v1.2.10
v1.2.11
v1.2.2
v1.2.3
v1.2.3-beta
v1.2.4
v1.2.4-beta
v1.2.5
v1.2.6
v1.2.6-beta
v1.2.6.1
v1.2.7
v1.2.7-beta
v1.2.8
v1.2.9

v2.*

v2.0
v2.0-RC-1
v2.0-beta
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0
v2.1.1
v2.1.2

v3.*

v3.0
v3.0-alpha
v3.0-alpha2
v3.0-beta.1
v3.0-beta.2
v3.0-beta.3
v3.0.0-beta
v3.1.0
v3.3.0
v3.3.0-beta
v3.4
v3.4.0-alpha
v3.4.0-beta
v3.5.0
v3.5.0-beta
v3.5.0-beta2
v3.5.1
v3.5.2
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6

Other

v4-beta3
v4-beta4

v4.*

v4.0
v4.0-alpha
v4.0-alpha-2
v4.0-beta
v4.0-beta2
v4.0-beta5
v4.0-beta6
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.0-beta
v4.1.0-beta2
v4.1.1
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.5.0
v4.6.0
v4.6.1
v4.6.10
v4.6.11
v4.6.12
v4.6.13
v4.6.14
v4.6.15
v4.6.16
v4.6.17
v4.6.18
v4.6.2
v4.6.3
v4.6.4
v4.6.5
v4.6.6
v4.6.7
v4.6.8
v4.6.9
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.6
v4.7.7
v4.7.8
v4.8.0
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v4.9.5

v5.*

v5.0.0
v5.0.0-beta-1.0
v5.0.0-beta-1.1
v5.0.0-beta-2
v5.0.0-beta-3.0
v5.0.0-beta-4
v5.0.0-beta-5
v5.0.1
v5.0.10
v5.0.11
v5.0.12
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.2.0
v5.3.0
v5.3.1
v5.3.10
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4

v6.*

v6.0.0
v6.0.0-RC-1
v6.0.0-RC-2
v6.0.0-RC-3
v6.0.0-RC-4
v6.0.0-RC-5
v6.0.0-RC-6
v6.0.0-RC-7
v6.0.0-RC-8
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9