-
CVSS Score
The vulnerability stemmed from an insufficient permission check in the license file access flow. The critical change in the patch was the addition of '$this->authorize("licenses.files", $license)' to the show() method of LicenseFilesController. Prior to 6.0.10, that method only checked the general 'view' ability on the license (via '$this->authorize("view", $license)') and not the specific 'licenses.files' permission that the controller's other file operations require. A user holding only view access on licenses could therefore reach the file access handled by show() without the 'licenses.files' permission that is meant to guard it. Other changes in the patch, to the policies and views, support this fix, but the primary vulnerable function was the unguarded show() method that handles file access.
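To make the check concrete, the following is an added example, not Snipe-IT's code and not Laravel's framework code: a minimal plain-PHP model of the Laravel policy/Gate pattern the paragraph describes, with the pre-6.0.10 shape of show() beside the patched shape. The permission names 'licenses.view' and 'licenses.files', the policy method names, and the User, License and Gate classes are assumptions standing in for Laravel's real '$this->authorize()' machinery; only the shape of the check mirrors the fix.

```php
<?php
// Added example (not Snipe-IT's code): a self-contained model of the Laravel
// policy pattern the advisory describes. Permission names ("licenses.view",
// "licenses.files") and the User/License/Gate shapes are assumptions chosen
// to mirror the fix; Laravel's real Gate/Policy machinery is replaced by a
// minimal stand-in so this runs as plain PHP 8.1+.

declare(strict_types=1);

final class AuthorizationException extends RuntimeException {}

final class User
{
    /** @param string[] $permissions granted permission names, e.g. "licenses.view" */
    public function __construct(public readonly string $name, private array $permissions) {}

    public function can(string $permission): bool
    {
        return in_array($permission, $this->permissions, true);
    }
}

final class License
{
    public function __construct(public readonly int $id, public readonly string $filePath) {}
}

// Stand-in for a Laravel policy: each method is one "ability" on a License.
final class LicensePolicy
{
    public function view(User $user, License $license): bool
    {
        return $user->can('licenses.view');
    }

    // The ability the patch adds to show(): file operations need their own permission.
    public function files(User $user, License $license): bool
    {
        return $user->can('licenses.files');
    }
}

// Stand-in for $this->authorize($ability, $model): throws when the policy denies.
// The ability-to-method mapping is an assumption of this example.
final class Gate
{
    private array $abilityToMethod = [
        'view'           => 'view',
        'licenses.files' => 'files',
    ];

    public function __construct(private LicensePolicy $policy) {}

    public function authorize(User $user, string $ability, License $license): void
    {
        $method = $this->abilityToMethod[$ability] ?? null;
        if ($method === null || !$this->policy->$method($user, $license)) {
            throw new AuthorizationException(
                "User {$user->name} may not '{$ability}' license {$license->id}"
            );
        }
    }
}

// Pre-6.0.10 shape of show(): only the generic 'view' ability is checked,
// so the file is served to anyone who can view the license record.
function showVulnerable(Gate $gate, User $user, License $license): string
{
    $gate->authorize($user, 'view', $license);
    return "download:{$license->filePath}";
}

// Patched shape of show(): the file-specific ability is required as well.
function showPatched(Gate $gate, User $user, License $license): string
{
    $gate->authorize($user, 'view', $license);
    $gate->authorize($user, 'licenses.files', $license);
    return "download:{$license->filePath}";
}

// Demonstration with constructed users: one holds only the view permission.
$gate     = new Gate(new LicensePolicy());
$license  = new License(42, 'private_uploads/licenses/key-42.txt');
$viewOnly = new User('viewer', ['licenses.view']);
$fileUser = new User('fileadmin', ['licenses.view', 'licenses.files']);

foreach (['showVulnerable', 'showPatched'] as $fn) {
    foreach ([$viewOnly, $fileUser] as $user) {
        try {
            printf("%-14s %-9s -> %s\n", $fn, $user->name, $fn($gate, $user, $license));
        } catch (AuthorizationException $e) {
            printf("%-14s %-9s -> denied (%s)\n", $fn, $user->name, $e->getMessage());
        }
    }
}
```

Run it with 'php example.php': the view-only user passes the vulnerable show() and is denied by the patched one, while the user holding 'licenses.files' passes both. In real Laravel code the ability string is resolved against the registered policy by the framework, so the thing to verify when reviewing a fix like this one is that every route that serves a file calls authorize() with the file-specific ability, not only with the model's generic 'view' ability.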
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| snipe/snipe-it | composer | < 6.0.10 | 6.0.10 |