Lucene search
HaxatronCCF073CD-7F54-4D51-89F2-6B4A2E4AE81EHistoryDec 16, 2021 - 3:58 a.m.
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
2021-12-1603:58:25
haxatron
www.huntr.dev
10
0.001 Low
EPSS
Percentile
47.4%
Description
CSRF to disrupt request tracking
Proof of Concept
Open the HTML file as a logged-in user
<img src="http://[SNIPE_IT]/account/request-asset/1">
Impact
Unauthenticated attackers situated outside of the organization can disrupt request tracking by sending the malicious HTML to a user which will cause them to request an asset.
Related
veracode
veracode
Cross-Site Request Forgery (CSRF)
2021-12-20 04:40:37
cnvd
cnvd
snipe-it cross-site request forgery vulnerability (CNVD-2022-08728)
2021-12-21 00:00:00
cve
cve
CVE-2021-4130
2021-12-18 05:15:08
osv
osv
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
2022-01-05 20:33:16
CVE-2021-4130
2021-12-18 05:15:08
nvd
nvd
CVE-2021-4130
2021-12-18 05:15:08
prion
prion
Cross site request forgery (csrf)
2021-12-18 05:15:00
cvelist
cvelist
CVE-2021-4130 Cross-Site Request Forgery (CSRF) in snipe/snipe-it
2021-12-18 04:40:10
github
github
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
2022-01-05 20:33:16