Lucene search
GoogleOSV:GHSA-553Q-HPVP-Q8PCHistoryDec 10, 2021 - 8:22 p.m.
Server-Side Request Forgery in snipe/snipe-it
2021-12-1020:22:15
Google
osv.dev
14
server-side request forgery
snipe-it
slack integration
port-scanning
internal network
post requests
software
EPSS
0.001
Percentile
41.1%
Admin users on the external network can perform blind POST-based SSRF (issue requests on behalf of the server into the internal network) via the Slack Integration. This vulnerability is capable of port-scanning of the internal network, issue POST requests to web servers on the internal network which can be escalated to higher-impact.
Related
osv
osv
CVE-2021-4075
2021-12-06 21:15:07
nvd
nvd
CVE-2021-4075
2021-12-06 21:15:07
cnvd
cnvd
Snipe-IT code issue vulnerability
2021-12-08 00:00:00
huntr
huntr
Server-Side Request Forgery (SSRF) in snipe/snipe-it
2021-12-05 18:00:16
github
github
Server-Side Request Forgery in snipe/snipe-it
2021-12-10 20:22:15
cve
cve
CVE-2021-4075
2021-12-06 21:15:07
cvelist
cvelist
CVE-2021-4075 Server-Side Request Forgery (SSRF) in snipe/snipe-it
2021-12-06 20:20:10
prion
prion
Server side request forgery (ssrf)
2021-12-06 21:15:00
veracode
veracode
Server-Side Request Forgery (SSRF)
2021-12-07 04:01:23