CVE-2023-5511

8.8 HIGH

📋 TL;DR

CVE-2023-5511 is a cross-site request forgery (CSRF) weakness in Snipe-IT. An attacker who gets a logged-in Snipe-IT user to load a page they control can make that user's browser send state-changing requests to Snipe-IT, which the application then processes under the victim's session and permissions. The attacker needs no credentials of their own; the victim only needs to be logged in. All releases before v6.2.3 are affected.

💻 Affected Systems

Products:
  • Snipe-IT
Versions: All versions prior to v6.2.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of Snipe-IT prior to v6.2.3 are vulnerable. CSRF is a property of how the web application validates incoming requests, so the choice of web server, operating system or database does not change exposure; only the Snipe-IT release does.

📦 What is this software?

Snipe-IT is an open-source, web-based IT asset management application built on the PHP Laravel framework. Organisations use it to track hardware, software licences, accessories and consumables and to record check-outs to users. It is typically self-hosted (bare metal, VM or Docker) and accessed by staff through a browser session, which is exactly the session a CSRF attack rides on.

⚠️ Risk & Real-World Impact

🔴

Worst Case

If the victim is a Snipe-IT administrator, forged requests can create, modify or delete assets, users or system settings with that administrator's rights, for example adding an attacker-controlled admin account. The impact scales with the victim's role: a CSRF attack can do whatever the logged-in user is allowed to do, no more and no less.

🟠

Likely Case

An attacker lures an authenticated user (by e-mail, chat or a link on another site) to a page that silently submits requests to the Snipe-IT instance, altering asset records, creating users or changing settings. Because the requests arrive with the victim's valid session, they are indistinguishable from the victim's own activity in Snipe-IT's action log.

🟢

If Mitigated

With the fix applied, state-changing requests are only accepted when they carry a valid anti-CSRF token (in Laravel the _token form field or the X-CSRF-TOKEN header). A page on another origin cannot read that token, so its forged requests are rejected by Laravel's VerifyCsrfToken middleware with HTTP 419 instead of being processed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The attacker needs no Snipe-IT account, but does need a victim who is logged into Snipe-IT to load an attacker-controlled page (or follow a crafted link) while their session is still valid; the forged request then runs with the victim's permissions. The vulnerability is documented in public reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.2.3

Vendor Advisory: https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed

Restart Required: No

Instructions:

1. Back up the Snipe-IT database and application files, including .env and the storage/ directory.
2. Update to v6.2.3 or later using the method the instance was installed with (git pull, package update or a newer container image), then install dependencies as the Snipe-IT upgrade notes direct (composer install --no-dev --prefer-source for git-based installs).
3. Run 'php artisan migrate' to apply any pending database migrations; it is safe to run and a no-op if there are none.
4. Clear cached configuration and the application cache: 'php artisan config:clear' and 'php artisan cache:clear'. 'cache:clear' alone leaves a cached config in place.

🔧 Temporary Workarounds

Harden session cookies and add clickjacking protection

Applies to: all

The web-server headers below do not stop CSRF. X-Frame-Options (and a CSP frame-ancestors directive) prevent Snipe-IT from being framed, which defeats clickjacking, a different attack; a Content-Security-Policy served by Snipe-IT has no effect on a form submitted from the attacker's own page. They are still worth setting as defence in depth. The browser-side control that does limit classic cross-site POST CSRF is the SameSite attribute on the session cookie. In a Laravel application that attribute is set by the application's session configuration (the same_site key in config/session.php, which Laravel defaults to lax), not by the web server, and SameSite=Lax still sends the cookie on top-level GET navigations, so it offers no protection if a state-changing action is reachable by GET. Treat all of this as partial, and patch.

# For Apache: Add 'Header always set X-Frame-Options DENY' to .htaccess
# For Nginx: add 'add_header X-Frame-Options DENY;' to server config

🧯 If You Can't Patch

  • Confirm the session cookie is issued with SameSite=Lax or Strict (Laravel's session config) and keep X-Frame-Options or a CSP frame-ancestors directive in place; understand that this is a partial mitigation, not a fix
  • Shrink the attack window: reduce the session lifetime, ask administrators to log out of Snipe-IT when not using it, and where possible restrict reachability of the instance (VPN or IP allowlist) so fewer logged-in users can be reached from an attacker's page. Phishing awareness helps but is not a control, and browser extensions cannot be relied on to block CSRF

🔍 How to Verify

Check if Vulnerable:

Check the Snipe-IT release in the admin UI (the About Snipe-IT page shows the app version) or read the app_version key in config/version.php. Note that 'php artisan --version' prints the Laravel framework version, not the Snipe-IT release, so it cannot be used for this check. Anything below v6.2.3 is vulnerable.

Check Version:

grep app_version config/version.php

Verify Fix Applied:

After updating, confirm that config/version.php (or the About page) reports v6.2.3 or later. Then confirm behaviour, not just the version string: submit a state-changing request to the instance without the _token field or X-CSRF-TOKEN header and check that Snipe-IT rejects it with HTTP 419 rather than processing it. Posting to the login form from a logged-out browser without a token is a safe way to exercise the check, since CSRF validation runs before authentication. Compare versions numerically, not as strings, so that 6.2.10 and 6.10.0 are correctly treated as newer than 6.2.3.
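The version check above, carried out programmatically. This is an added example, not Snipe-IT project code; it assumes the release string sits in config/version.php under the 'app_version' key in the form 'v6.2.2', and the sample file contents embedded below are constructed for the demonstration. Versions are compared as integer tuples so that 6.2.10 and 6.10.0 sort above 6.2.3, and an unparsable file is reported as unknown rather than silently treated as patched.

```python
"""Check a Snipe-IT install's release against the CVE-2023-5511 fix (v6.2.3).

Added example, not Snipe-IT project code. Assumes the release string lives in
config/version.php under the 'app_version' key; the sample text below is
constructed for the demo.
"""
import re
import sys
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION: Tuple[int, int, int] = (6, 2, 3)

# Constructed sample mimicking Snipe-IT's generated config/version.php.
SAMPLE_VERSION_PHP = """<?php
return array (
  'app_version' => 'v6.2.2',
  'full_app_version' => 'v6.2.2 - build 11800-g0123abcde',
  'build_version' => '11800',
  'prerelease_version' => '',
  'hash_version' => 'g0123abcde',
  'full_hash' => 'v6.2.2-11800-g0123abcde',
  'branch' => 'master',
);
"""

# Accepts 'v6.2.2' or '6.2.2'; a pre-release suffix after the patch number is ignored.
_APP_VERSION_RE = re.compile(r"'app_version'\s*=>\s*'v?(\d+)\.(\d+)\.(\d+)")


def parse_app_version(version_php: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from the contents of config/version.php.

    Returns None if the key is missing or not in dotted numeric form, so the
    caller can fail closed instead of treating an unparsable file as patched.
    """
    m = _APP_VERSION_RE.search(version_php)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """Integer-tuple comparison gives semver ordering: (6, 2, 10) > (6, 2, 3)."""
    return version < FIXED_VERSION


def assess(version_php: str) -> str:
    """Return a one-word verdict: 'vulnerable', 'patched' or 'unknown'."""
    version = parse_app_version(version_php)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"


if __name__ == "__main__":
    # Usage: python check_snipeit.py /var/www/snipe-it/config/version.php
    # With no argument, runs against the constructed sample above.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_VERSION_PHP
    print(assess(text))
```

Run it against the real file path on each Snipe-IT host; treat 'unknown' as a finding to investigate rather than as a pass.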

📡 Detection & Monitoring

Log Indicators:

  • HTTP 419 responses to POST/PUT/PATCH/DELETE requests in the web-server access log, especially bursts from one client: this is Laravel rejecting a request whose CSRF token is missing or invalid. Laravel does not log TokenMismatchException by default, so the status code in the access log is usually the only record
  • Entries in Snipe-IT's own activity log (asset edits or deletions, user creation, settings changes) that the named user does not recognise. A successful CSRF runs under the victim's session and therefore appears as that user's own activity

Network Indicators:

  • State-changing requests to Snipe-IT whose Referer names a different site than the Snipe-IT host, or which carry no Referer at all. The Referer is the only cross-site trace a successful CSRF leaves in a standard access log, and an attacker page can suppress it, so absence of a Referer is a weak and noisy signal on its own
  • Note what the logs do not contain: web-server access logs record the Referer but not the Origin header, and never the CSRF token, so "requests without a token" cannot be searched for directly; the 419 status is the observable proxy

SIEM Query:

Access logs carry no CSRF token, so match on what they do carry: the HTTP 419 that Laravel returns when token validation fails, and state-changing requests whose Referer is not the Snipe-IT host. Field names follow Splunk's access_combined conventions; replace the host placeholder and adjust field names to your log source.

index=web sourcetype=access_combined host="<snipe-it-host>" method IN ("POST","PUT","PATCH","DELETE") (status=419 OR (referer!="-" AND NOT referer="*<snipe-it-host>*"))
| stats count by clientip, method, uri_path, status, referer
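The same detection logic applied offline to raw access-log lines, as an added example rather than code from the page or from the Snipe-IT project. It assumes Apache/Nginx "combined" log format and that the instance is served at the hostname in SNIPE_HOST (an assumed value); the five log lines are constructed and show a legitimate user on 10.0.0.5 and a victim on 10.0.0.7 whose browser was driven from an attacker page. Two of the victim's requests were rejected with 419 (what a patched install produces); the first was accepted with a redirect and is only visible through its foreign Referer, which is the vulnerable-version case.

```python
"""Flag CSRF-relevant activity in a Snipe-IT web-server access log.

Added example, not Snipe-IT project code. Assumes Apache/Nginx "combined" log
format and that the Snipe-IT instance is served at SNIPE_HOST; the log lines
below are constructed. Signals extracted:
  * state-changing requests (POST/PUT/PATCH/DELETE) whose Referer is on another
    site: the only trace a successful CSRF leaves, and only when the attacker's
    page does not suppress the Referer;
  * state-changing requests with no Referer at all (noisy, reported separately);
  * HTTP 419 responses, which Laravel's VerifyCsrfToken middleware returns when
    a state-changing request lacks a valid token, i.e. rejected attempts.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

SNIPE_HOST = "assets.example.internal"  # assumed hostname of the Snipe-IT instance
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Combined log format:
# ip ident user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: a normal user on 10.0.0.5 and a victim on 10.0.0.7 whose
# browser was driven from https://evil.example.net/lure.html.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2023:10:01:02 +0000] "GET /hardware HTTP/1.1" 200 5120 "https://assets.example.internal/" "Mozilla/5.0"
10.0.0.5 - - [12/Oct/2023:10:01:09 +0000] "POST /hardware HTTP/1.1" 302 0 "https://assets.example.internal/hardware/create" "Mozilla/5.0"
10.0.0.7 - - [12/Oct/2023:10:03:44 +0000] "POST /users HTTP/1.1" 302 0 "https://evil.example.net/lure.html" "Mozilla/5.0"
10.0.0.7 - - [12/Oct/2023:10:03:45 +0000] "POST /users HTTP/1.1" 419 1200 "https://evil.example.net/lure.html" "Mozilla/5.0"
10.0.0.7 - - [12/Oct/2023:10:03:46 +0000] "POST /settings HTTP/1.1" 419 1200 "-" "Mozilla/5.0"
"""

Finding = Tuple[str, str, str, str]  # (client ip, method, path, referer)


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = _LINE_RE.match(line)
    return m.groupdict() if m else None


def analyze(log_text: str, snipe_host: str = SNIPE_HOST) -> Dict[str, object]:
    """Classify state-changing requests into cross-site, missing-Referer and 419 buckets."""
    cross_site: List[Finding] = []
    missing_referer: List[Finding] = []
    token_mismatch: Counter = Counter()  # HTTP 419 count per client IP
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["method"] not in STATE_CHANGING:
            continue  # unparsable line or a read-only request
        finding = (rec["ip"], rec["method"], rec["path"], rec["referer"])
        if int(rec["status"]) == 419:
            token_mismatch[rec["ip"]] += 1
        ref_host = urlparse(rec["referer"]).hostname  # None for "-" or malformed
        if ref_host is None:
            missing_referer.append(finding)  # weak signal: privacy settings strip Referer too
        elif ref_host.lower() != snipe_host.lower():
            cross_site.append(finding)
    return {"cross_site": cross_site, "missing_referer": missing_referer,
            "token_mismatch": token_mismatch}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip, method, path, referer in result["cross_site"]:
        print(f"cross-site {method} {path} from {ip}, referer {referer}")
    for ip, n in result["token_mismatch"].items():
        print(f"{n} CSRF token rejections (HTTP 419) from {ip}")
```

Read the cross_site bucket as the high-value alert and the 419 counter as evidence that protection is working; the missing_referer bucket is context, not an alert, because legitimate clients frequently omit the header.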
