Description
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
Related CPE's
a
combodo
itop
References
https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807
https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec
https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-19T18:15:07.783
3 years agoLast modified
2021-10-22T20:49:49.767
3 years ago