Skip to main content

Snipe It CVE-2022-3173

MEDIUM
Improper Authentication (CWE-287)
2022-09-17 security@huntr.dev
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 17, 2022 - 07:15 nvd
MEDIUM 4.3

DescriptionNVD

Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.

AnalysisAI

Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. Affected products include: Snipeitapp Snipe-It. Version information: prior to 6.0.10..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2023-5511 HIGH POC
8.8 Oct 11

Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. Rated high severity (CVSS 8.8),

CVE-2022-23064 HIGH POC
8.8 May 02

In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. Rated high severity (CVSS 8.8), this

CVE-2021-4130 HIGH POC
8.8 Dec 18

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remot

CVE-2021-3858 HIGH POC
8.8 Oct 19

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remot

CVE-2022-2997 HIGH POC
8.0 Aug 25

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. Rated high severity (CVSS 8.0), this vulnerability

CVE-2022-1155 HIGH POC
7.4 Mar 30

Old sessions are not blocked by the login enable function. Rated high severity (CVSS 7.4), this vulnerability is remotel

CVE-2021-4075 HIGH POC
7.2 Dec 06

snipe-it is vulnerable to Server-Side Request Forgery (SSRF). Rated high severity (CVSS 7.2), this vulnerability is remo

CVE-2024-48987 MEDIUM POC
6.6 Oct 11

Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the AP

CVE-2022-1511 MEDIUM POC
6.5 Apr 28

Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. Rated medium severity (CVSS 6.5), this vulnera

CVE-2021-4108 MEDIUM POC
6.1 Dec 14

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2021-3863 MEDIUM POC
6.1 Oct 19

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2025-65622 MEDIUM POC
5.4 Dec 01

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user

Share

CVE-2022-3173 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy