Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS13M3YzLWN4cTUtOXZyNM0itA

Moderate EPSS: 0.00221% (0.4479 Percentile) EPSS:
Permalink JSON

Incorrect Default Permissions and Improper Access Control in snipe-it

Affected Packages Affected Versions Fixed Versions
packagist:snipe/snipe-it < 5.3.7 5.3.7
0 Dependent packages
1 Dependent repositories
503 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.1.2, 0.2.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.1.1, 2.1.2, 3.1.0, 3.2.0, 3.3.0, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.2.0, 4.3.0, 4.4.0, 4.4.1, 4.5.0, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.6.7, 4.6.8, 4.6.9, 4.6.10, 4.6.11, 4.6.12, 4.6.13, 4.6.14, 4.6.15, 4.6.16, 4.6.17, 4.6.18, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.8.0, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6

All unaffected versions

5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.1.0, 6.1.1, 6.1.2, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.4.0, 6.4.1, 6.4.2, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.1.14, 7.1.15, 7.1.16, 7.1.17, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.15, 8.1.16, 8.1.17, 8.1.18, 8.2.0, 8.2.1

snipe-it is vulnerable to Improper Access Control/Incorrect Default Permissions.

References:

Identifiers

GHSA-w3v3-cxq5-9vr4

CVE-2022-0179

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00221

EPSS Percentile: 0.4479

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/snipe/snipe-it

Date and time

Published

over 3 years ago

Updated

about 2 years ago

API

JSON