CVE-2022-1511
Published 2022-04-28
CVE-2022-1511: Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
Priority: P434 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.99% (58.2th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| snipe | snipe-it | >= 0 < 5.4.4 | 5.4.4 |
| snipe | snipe_snipe-it | >= unspecified < 5.4.4 | 5.4.4 |
| snipeitapp | snipe-it | < 5.4.4 | 5.4.4 |
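CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| cisa | | 7.8 | HIGH | |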
OSV
Improper Access Control in snipe/snipe-it
osv·2022-04-29
CVE-2022-1511 [MEDIUM] Improper Access Control in snipe/snipe-it
Snipe-IT prior to 5.4.4 is vulnerable to Missing Authorization.
GHSA
Improper Access Control in snipe/snipe-it
ghsa·2022-04-29
CVE-2022-1511 [MEDIUM] CWE-862 Improper Access Control in snipe/snipe-it
Snipe-IT prior to 5.4.4 is vulnerable to Missing Authorization.
CISA
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-0001 [HIGH] Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
Vulnerability: Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
Affected: Microsoft Graphics Device Interface (GDI)
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-0001
Remediation Due Date: 2022-03-24
CISA
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-8540 [HIGH] CWE-119 Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Vulnerability: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affected: Microsoft Malware Protection Engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-8540
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-04-28