Miggo Logo

CVE-2022-3173: Snipe-IT vulnerable to Improper Authentication

4.3

CVSS Score
3.1

Basic Information

EPSS Score
0.34585%
Published
9/18/2022
Updated
1/31/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
snipe/snipe-itcomposer< 6.0.106.0.10

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from insufficient permission checks in the file access flow. The critical change in the patch was adding '$this->authorize("licenses.files", $license)' in LicenseFilesController's show() method. Prior to 6.0.10, this method only checked general 'view' permission (via '$this->authorize("view", $license)'), not the specific 'licenses.files' permission required for file operations. This allowed users with view-only access to bypass file modification protections. Other changes in policies and views support this fix but the primary vulnerable function was the unguarded show() method handling file access.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Snip*-IT prior to *.*.** is vuln*r**l* to Improp*r *ut**nti**tion. * us*r wit*out t** `Vi*w *n* Mo*i*y Li**ns* *il*s` p*rmission m*y ****ss *il*s uplo**** to li**ns*s *s lon* *s t**y **v* t** `Vi*w` p*rmission *or li**ns*s.

Reasoning

T** vuln*r**ility st*mm** *rom insu**i*i*nt p*rmission ****ks in t** *il* ****ss *low. T** *riti**l ***n** in t** p*t** w*s ***in* '$t*is->*ut*oriz*("li**ns*s.*il*s", $li**ns*)' in Li**ns**il*s*ontroll*r's s*ow() m*t*o*. Prior to *.*.**, t*is m*t*o*