Headline
CVE-2022-3173
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
Related news
GHSA-fhvv-p968-6vvj: Snipe-IT vulnerable to Improper Authentication
Snipe-IT prior to 6.0.10 is vulnerable to Improper Authentication. A user without the `View and Modify License Files` permission may access files uploaded to licenses as long as they have the `View` permission for licenses.