CVE-2022-1155
published 2022-03-30

CVE-2022-1155: Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.

Priority: P3 / 36 / high / 7.4 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:C / C:L / I:L / A:L
EPSS: 0.98% (57.7th percentile)

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| snipe | snipe-it | >= 0 < 5.4.2 | 5.4.2 |
| snipe | snipe-it | >= 6.0.0-RC-1 < 6.0.0-RC-6 | 6.0.0-RC-6 |
| snipe | snipe_snipe-it | >= unspecified < 5.3.10 | 5.3.10 |
| snipeitapp | snipe-it | < 5.3.10 | 5.3.10 |
| snipeitapp | snipe-it | | |

CVSS provenance

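| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
| nvd | v3.0 | 7.4 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |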