CVE-2021-4089 - OpenCVE

snipe-it is vulnerable to Improper Access Control

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Snipeitapp	Snipe-it

Configuration 1 [-]

cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/snipe/snipe-it/commit/1699c09758e56f740437674a8d6ba36443399f24	Patch Third Party Advisory
https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862	Exploit Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2021-12-10T19:15:11

Updated: 2021-12-10T19:15:11

Reserved: 2021-12-09T00:00:00

Link: CVE-2021-4089

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-10T20:15:08.737

Modified: 2022-08-09T13:18:17.740

Link: CVE-2021-4089

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "snipe/snipe-it", "vendor": "snipe", "versions": [{"lessThan": "N/A", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "snipe-it is vulnerable to Improper Access Control"}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-10T19:15:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/snipe/snipe-it/commit/1699c09758e56f740437674a8d6ba36443399f24"}], "source": {"advisory": "19453ef1-4d77-4cff-b7e8-1bc8f3af0862", "discovery": "EXTERNAL"}, "title": "Improper Access Control in snipe/snipe-it", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-4089", "STATE": "PUBLIC", "TITLE": "Improper Access Control in snipe/snipe-it"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "snipe/snipe-it", "version": {"version_data": [{"version_affected": "<", "version_value": "N/A"}]}}]}, "vendor_name": "snipe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "snipe-it is vulnerable to Improper Access Control"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862"}, {"name": "https://github.com/snipe/snipe-it/commit/1699c09758e56f740437674a8d6ba36443399f24", "refsource": "MISC", "url": "https://github.com/snipe/snipe-it/commit/1699c09758e56f740437674a8d6ba36443399f24"}]}, "source": {"advisory": "19453ef1-4d77-4cff-b7e8-1bc8f3af0862", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-4089", "datePublished": "2021-12-10T19:15:11", "dateReserved": "2021-12-09T00:00:00", "dateUpdated": "2021-12-10T19:15:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7B92BBE-40C7-4E9C-9364-7DC9C5256F89", "versionEndIncluding": "5.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "snipe-it is vulnerable to Improper Access Control"}, {"lang": "es", "value": "snipe-it es vulnerable al Control de Acceso Inapropiado"}], "id": "CVE-2021-4089", "lastModified": "2022-08-09T13:18:17.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-10T20:15:08.737", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/snipe/snipe-it/commit/1699c09758e56f740437674a8d6ba36443399f24"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@huntr.dev", "type": "Secondary"}]}