CVE-2020-4079 Information

Description

Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the Excel export portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Reference

https://github.com/Combodo/iTop/security/advisories/GHSA-vcv9-xp3j-7jwh

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.7

Base Severity

HIGH