CVE-2020-12781

Published: Aug 10, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.

Affected (12)

Products: Combodo: Itop

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Combodo Itop	Before 2.7.1
Combodo Itop	Version 3.0.0 alpha
Combodo Itop	Version 3.0.0 beta1
Combodo Itop	Version 3.0.0 beta2
Combodo Itop	Version 3.0.0 beta3
Combodo Itop	Version 3.0.0 beta4
Combodo Itop	Version 3.0.0 beta5
Combodo Itop	Version 3.0.0 beta6
Combodo Itop	Version 3.0.0 beta7
Combodo Itop	Version 3.0.0 beta8
Combodo Itop	Version 3.0.0 beta
Combodo Itop	Version 3.0.0 rc

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.