
We found results for “”
CVE-2021-3858
Good to know:

Date: October 19, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Language: PHP
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Cross-Site Request Forgery (CSRF)
CWE-352Top Fix

Upgrade Version
Upgrade to version snipe/snipe-it - dev-dependabot/github_actions/actions/checkout-4;snipe/snipe-it - dev-edit_eol_from_bulk;snipe/snipe-it - dev-fixes/no-NO-language;snipe/snipe-it - dev-fixes/fix_crash_on_purged_models_in_activity_report;snipe/snipe-it - dev-better_handle_inline_files;snipe/snipe-it - dev-feature/google_login_more_prominent;snipe/snipe-it - dev-dependabot/github_actions/codacy/codacy-analysis-cli-action-4.2.0;snipe/snipe-it - dev-fix_for_qr_on_old_label_engine;snipe/snipe-it - dev-features/blade_component_for_submit;snipe/snipe-it - dev-snyk-upgrade-bcc306620433a4ebeaaed8c3e4d4c9eb;snipe/snipe-it - dev-security/snyk_Upgrade-jspdf-autotable-from-3.8.1-to-3.8.2-14365;snipe/snipe-it - dev-snyk-upgrade-23af2ac368155dc386040447ab4dee5e;snipe/snipe-it - dev-snyk-upgrade-48895ab5d277cdb4eb4964f8cdb50fa9;snipe/snipe-it - v5.3.0;snipe/snipe-it - dev-fixes/handle_arrays_on_validation_failure;snipe/snipe-it - dev-features/add_accept_pdf_to_asset_endpoint;snipe/snipe-it - dev-dependabot/github_actions/develop/docker/build-push-action-6;snipe/snipe-it - dev-snyk-upgrade-d1d4efb81b36300732134b2424e46428;snipe/snipe-it - v6.0.0-RC-1;snipe/snipe-it - dev-bug/check_for_valid_category_on_print;snipe/snipe-it - dev-snyk-fix-109de929f33df8035195d2e8d005af8b;snipe/snipe-it - dev-fixes/added_2fa_string;snipe/snipe-it - dev-dependabot/github_actions/docker/build-push-action-5;snipe/snipe-it - dev-snyk-upgrade-c984383061fd11ea3aa23a32407aa002;snipe/snipe-it - dev-features/google_socialite;snipe/snipe-it - dev-dependabot/github_actions/actions/checkout-3;snipe/snipe-it - dev-dependabot/github_actions/actions/checkout-3.1.0;snipe/snipe-it - dev-fixes/make_boolean_user_fields_more_consistant;snipe/snipe-it - dev-fixes/apply_v6_currency_formatter;snipe/snipe-it - dev-improve_safety_csv_charset_detection;snipe/snipe-it - dev-dependabot/github_actions/develop/codacy/codacy-analysis-cli-action-4.4.1;snipe/snipe-it - dev-fixes/fixed_accessory_not_found_string;snipe/snipe-it - dev-dependabot/github_actions/develop/codacy/codacy-analysis-cli-action-4.4.0;sp2gr11/reservation - dev-tristan.bomans
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |