Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-0611
CVE-2022-0611:
PHP vulnerability analysis and mitigation
Overview
CVE-2022-0611 is a security vulnerability identified in Packagist snipe/snipe-it versions prior to 5.3.11. The vulnerability is characterized as a Missing Authorization issue that affects the asset management system (Debian Security).
Technical details
The vulnerability stems from missing authorization checks in the asset maintenance functionality of the Snipe-IT application. This was addressed by adding Asset edit/delete gates to maintenances operations, including view and edit authorizations for various asset-related operations (GitHub Commit).
Impact
The missing authorization controls could potentially allow unauthorized users to perform asset maintenance operations, including viewing, editing, and deleting maintenance records, which should be restricted to authorized personnel only (Debian Security).
Mitigation and workarounds
The vulnerability has been fixed in version 5.3.11 of snipe/snipe-it. Users should upgrade to this version or later to receive the security fix. The fix implements proper authorization checks through the addition of Asset edit/delete gates to maintenance operations (GitHub Commit).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management