huntr / kstarkloff / 81C6B974-D0B3-410B-A902-8324A55B1368
History: Jan 09, 2022 - 7:39 p.m.

Improper Access Control in snipe/snipe-it

2022-01-09 19:39:11
kstarkloff
www.huntr.dev

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

19.4%

Description

A user who has been denied every permission, including the right to manage API tokens, can still open the page where personal API tokens are generated and can generate API tokens from it.

Proof of Concept

  • Create a user with no permission for anything (i.e. everything set to deny).

  • Log in to the web application with this user.

  • Visit http://127.0.0.1:8000/account/api => the user can see and generate personal API tokens even though the user has no rights to do so.

Impact

The impact tends to be low, since the user only sees and generates their own API tokens. Note, however, that an API token is a long-lived bearer credential that lets the account reach the REST API without the interactive login, so issuing tokens to accounts that were explicitly denied that right widens the attack surface beyond what the permission model intends. If the page had other serious flaws, an attacker could use this as a starting point for further action.
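As an added illustration that is not part of the original report and not Snipe-IT's own code, the Laravel sketch below shows the authorization pattern that closes the class of bug described in the description and proof of concept above: the permission check has to sit in front of the route that renders the token page and in front of every action that mints or revokes a token, not only on the view. The gate name `manage-api-tokens`, the way the permission is read from the user model, the route paths and the controller names are assumptions made for this example; it assumes Laravel Passport's `createToken()` / `revoke()` API for the token itself.

```php
<?php
// Added example, not Snipe-IT code. Each section belongs in the file named in
// its comment; they are shown together here for readability.

// --- app/Providers/AuthServiceProvider.php, inside boot() -------------------
use Illuminate\Support\Facades\Gate;

Gate::define('manage-api-tokens', function ($user) {
    // Assumption: the user's permissions are a JSON object in $user->permissions
    // where "1" means allow. A missing key is treated as deny (fail closed), so a
    // user created with "everything on deny" never passes this gate.
    $perms = json_decode($user->permissions ?? '{}', true) ?: [];
    return ($perms['api_tokens'] ?? '0') === '1';
});

// --- routes/web.php ---------------------------------------------------------
use App\Http\Controllers\ApiTokenController;
use Illuminate\Support\Facades\Route;

// Vulnerable shape (kept as a comment): only authentication is required, so any
// logged-in user can load the page and submit the token form.
// Route::middleware('auth')->get('/account/api', [ApiTokenController::class, 'index']);

// Hardened shape: the 'can' middleware evaluates the gate before the controller
// runs, for viewing (GET), creating (POST) and revoking (DELETE) alike. A denied
// user receives 403 instead of the page.
Route::middleware(['auth', 'can:manage-api-tokens'])->group(function () {
    Route::get('/account/api', [ApiTokenController::class, 'index']);
    Route::post('/account/api', [ApiTokenController::class, 'store']);
    Route::delete('/account/api/{tokenId}', [ApiTokenController::class, 'destroy']);
});

// --- app/Http/Controllers/ApiTokenController.php ----------------------------
use Illuminate\Http\Request;

class ApiTokenController extends Controller
{
    public function index(Request $request)
    {
        // Middleware already enforced the gate; nothing token-related happens here.
        return view('account.api', ['user' => $request->user()]);
    }

    public function store(Request $request)
    {
        // Defence in depth: re-check in the controller so a future route that
        // forgets the middleware still cannot mint a token for a denied user.
        $this->authorize('manage-api-tokens');
        $request->validate(['name' => 'required|string|max:255']);

        // Assumption: Laravel Passport personal access tokens.
        $token = $request->user()->createToken($request->input('name'));
        return response()->json(['token' => $token->accessToken], 201);
    }

    public function destroy(Request $request, string $tokenId)
    {
        $this->authorize('manage-api-tokens');
        // Scope the lookup to the caller's own tokens so a guessed tokenId cannot
        // revoke someone else's token (closes the obvious IDOR on this route).
        $request->user()->tokens()->where('id', $tokenId)->firstOrFail()->revoke();
        return response()->noContent();
    }
}
```

After such a change, re-running the proof of concept with the all-deny user should yield 403 for `GET /account/api` and for `POST /account/api`. One caveat worth checking in any application of this pattern: if token creation is handled by a framework-provided endpoint rather than your own controller (for example a personal-access-token route registered by the auth package), that endpoint needs the same `can:` middleware, otherwise protecting the page merely hides the form while the token-minting request remains callable directly.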
