CVE-2022-3173: Snipe-IT vulnerable to Improper Authentication
4.3
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.34585%
CWE
Published
9/18/2022
Updated
1/31/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
snipe/snipe-it | composer | < 6.0.10 | 6.0.10 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from insufficient permission checks in the file access flow. The critical change in the patch was adding '$this->authorize("licenses.files", $license)' in LicenseFilesController's show() method. Prior to 6.0.10, this method only checked general 'view' permission (via '$this->authorize("view", $license)'), not the specific 'licenses.files' permission required for file operations. This allowed users with view-only access to bypass file modification protections. Other changes in policies and views support this fix but the primary vulnerable function was the unguarded show() method handling file access.