CVE-2022-017912.01.2022, 05:15snipe-it is vulnerable to Missing AuthorizationEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST5.4 MEDIUMNETWORKLOWLOWCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N@huntrdevCNA6.3 MEDIUMNETWORKLOWLOWCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LCVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 40%VendorProductVersionsnipeitappsnipe-it𝑥< 5.3.7𝑥= Vulnerable software versionsKnown Exploits!https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7https://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7Common Weakness EnumerationCWE-862 - Missing AuthorizationThe software does not perform an authorization check when an actor attempts to access a resource or perform an action.Referenceshttps://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2ehttps://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7https://github.com/snipe/snipe-it/commit/cf14a0222c67472086cd08b2155f045edaf75f2ehttps://huntr.dev/bounties/efdf2ead-f9d1-4767-9f02-d11f762d15e7