← voltar
CVE-2021-32663

Unauthorized setup leads to SSRF in Combodo/iTop

CVSS 8.7 HIGHEPSS 1.4%CWE-918
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Produtos afetados
Combodo · iTop

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfechttps://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9