Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-1155
CVE-2022-1155:
PHP vulnerability analysis and mitigation
Overview
A session management vulnerability was identified in Snipe-IT versions prior to 5.3.10, tracked as CVE-2022-1155. The vulnerability stems from a flaw where old sessions are not properly blocked by the login enable function, potentially allowing unauthorized access to the system (Debian Security).
Technical details
The vulnerability exists in the session management functionality of Snipe-IT, specifically in how the system handles user activation states. When a user's activated status is switched to off, their existing sessions were not properly terminated, allowing continued access despite the deactivation (GitHub Commit).
Impact
The vulnerability could allow users whose accounts have been deactivated to maintain access to the system through existing sessions, potentially bypassing intended access restrictions and compromising system security (Debian Security).
Mitigation and workarounds
The vulnerability has been fixed in Snipe-IT version 5.3.10 and later. The fix includes implementation of proper session termination when a user's activated status is switched to off, ensuring that existing sessions are properly invalidated (GitHub Commit).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management