Publication date: | 02/25/2022 |
Date of change: | 03/20/2022 |
Total views: | 17839 |
Danger: |
Medium |
Fix available: | Yes |
Number of vulnerabilities: | one |
CVSSv3.1 rating: | 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] |
CVE ID: | CVE-2022-0622 |
Operating vector: | Remote |
Impact: | Bypass Security Restrictions System compromise |
CWE ID: | No data |
Exploit presence: | No data |
Vulnerable products: | snipe-it |
Vulnerable versions: | snipe-it versions 5.3.11, 5.3.10, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3. 0 |
Description: |
Disclosure of important data in snipe-it |
Manufacturer URL: | https://github.com/snipes |
Solution: | Install the patch from the manufacturer’s website. |
Links: | https://huntr.dev/bounties/4ed99dab-5319-4b6b-919a-84a9acd0061a https://github.com/snipe/snipe-it/commit/178e44095141ab805c282f563fb088df1a10b2e2 https://github.com/snipe/snipe-it/releases/tag/v5.4.0 |
Source: securitylab.ru