Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Combodo/iTop/commit/4c1df9927d1dc6b0181ee20721f93346def026fd - Patch | |
References | () https://github.com/Combodo/iTop/commit/bdebea62b642622ed71410b26c81e8537e6e58fa - Patch | |
References | () https://github.com/Combodo/iTop/security/advisories/GHSA-vj96-j84g-jhx4 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
Information
Published : 2023-03-14 16:15
Updated : 2024-11-21 07:17
NVD link : CVE-2022-39214
Mitre link : CVE-2022-39214
CVE.ORG link : CVE-2022-39214
JSON object : View
Products Affected
combodo
- itop
CWE
CWE-863
Incorrect Authorization