CVE-2021-408910.12.2021, 20:15snipe-it is vulnerable to Improper Access ControlEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST4.3 MEDIUMNETWORKLOWLOWCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N@huntrdevCNA4.3 MEDIUMNETWORKLOWLOWCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 32%VendorProductVersionsnipeitappsnipe-it𝑥≤ 5.3.3𝑥= Vulnerable software versionsKnown Exploits!https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862Common Weakness EnumerationCWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.CWE-862 - Missing AuthorizationThe software does not perform an authorization check when an actor attempts to access a resource or perform an action.Referenceshttps://github.com/snipe/snipe-it/commit/1699c09758e56f740437674a8d6ba36443399f24https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862https://github.com/snipe/snipe-it/commit/1699c09758e56f740437674a8d6ba36443399f24https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862