CVE-2021-4075

Name of the Vulnerable Software and Affected Versions snipe-it (affected versions not specified)

Description The issue allows admin users on the external network to perform blind POST-based Server-Side Request Forgery (SSRF) via the Slack Integration. This enables them to issue requests on behalf of the server into the internal network, potentially allowing for port-scanning of the internal network and issuing POST requests to web servers on the internal network, which can be escalated to higher-impact attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.