snipe/snipe-it is vulnerable to improper authentication. A remote authenticated attacker is able to access unauthorized files through the `viewKeys` function as long as they have the `View` permission, which exposes confidential information required to create the API keys without the corresponding consent.Read More