In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Authorization Bypass Through User-Controlled Key vulnerabilities in an interactive lesson.
Start learningUpgrade snipe/snipe-it to version 8.4.2 or higher.
snipe/snipe-it is an asset management system built on Laravel.
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the BulkAssetsController::update process. An attacker can gain unauthorized access to assets belonging to other companies by supplying a crafted company_id parameter, allowing movement of assets across company boundaries.