Improper Privilege Management in Snipe-IT
Moderate severity
GitHub Reviewed
Published
Feb 15, 2022
to the GitHub Advisory Database
•
Updated Jul 21, 2023
Description
Published by the National Vulnerability Database
Feb 14, 2022
Published to the GitHub Advisory Database
Feb 15, 2022
Reviewed
Feb 24, 2022
Last updated
Jul 21, 2023
Snipe-IT prior to 5.3.9 is vulnerable to improper privilege management. A user who does not have access to the supplier module may view supplier content.
References