CVE-2024-31998

Published: Nov 5, 2024Modified: Nov 6, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (1)

Products: Combodo: Itop

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Combodo Itop	Before 3.1.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.