CVE-2021-4075 — Server-Side Request Forgery in snipe/snipe-it

Description

Admin users on the external network can perform blind POST-based SSRF (issue requests on behalf of the server into the internal network) via the Slack Integration. This vulnerability is capable of port-scanning of the internal network, issue POST requests to web servers on the internal network which can be escalated to higher-impact.

How to fix CVE-2021-4075

To remediate CVE-2021-4075, upgrade the affected package to a fixed version below.

—upgrade to 6.0.0-GM or later

Is CVE-2021-4075 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 6.0.0-GM

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-4075
PATCHgithub.com/snipe/snipe-it
WEBgithub.com/snipe/snipe-it/commit/4612b9e711b3ff5d2bcddbec5b18866d25f8e34e
WEBhuntr.dev/bounties/4386fd8b-8c80-42bb-87b8-b506c46597de