Lucene search

[email protected]NVD:CVE-2021-4130

HistoryDec 18, 2021 - 5:15 a.m.

CVE-2021-4130

2021-12-1805:15:08

CWE-352

[email protected]

web.nvd.nist.gov

snipe-it

cross-site request forgery

csrf

cve-2021-4130

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.7%

JSON

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

Affected configurations

Nvd

Node

snipeitappsnipe-itRange<5.3.6

VendorProductVersionCPE
snipeitappsnipe-it*cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
snipeitapp	snipe-it	*	cpe:2.3:a:snipeitapp:snipe-it::::::::

References

github.com/snipe/snipe-it/commit/9b2dd6522f214a3fbee6a4e32699104d0ea2b6ae

huntr.dev/bounties/ccf073cd-7f54-4d51-89f2-6b4a2e4ae81e

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

47.7%

JSON

Related for NVD:CVE-2021-4130

veracode1 cnvd1 osv2 cve1 huntr1 prion1 cvelist1 github1