Base Score

MEDIUM4.3

CVE-2021-3931

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

VectorNETWORK

Published Bysecurity@huntr.dev

Published DateNov 13, 2021, 09:15

Affected Versions(1)

snipe/snipe-it(Packagist)

Introduced0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
snipe/snipe-it(Packagist)	0	N/A	N/A

Weakness Type (CWE):CWE-352

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE

References

https://github.com/snipe/snipe-it/commit/0d811d067c8e064252c0143c39d6cd4c3133679e
https://huntr.dev/bounties/03b21d69-3bf5-4b2f-a2cf-872dd677a68f

Base Score

MEDIUM4.3

Weakness Type (CWE):CWE-352

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE