Cross-Site Request Forgery (CSRF) in snipe/snipe-it
Dec 16th 2021
CSRF to disrupt request tracking
Proof of Concept
Open the HTML file as a logged-in user
Unauthenticated attackers outside the organization can disrupt request tracking by sending the malicious HTML to a user; when a logged-in user opens it, an asset request is submitted under that user's account without their intent.