exploitDog

CVE-2020-4079

Опубликовано: 12 янв. 2021

Источник: nvd

CVSS3: 7.7

CVSS2: 4

EPSS Низкий

Описание

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0.

Ссылки

https://github.com/Combodo/iTop/security/advisories/GHSA-vcv9-xp3j-7jwh
Third Party Advisory
https://github.com/Combodo/iTop/security/advisories/GHSA-vcv9-xp3j-7jwh
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

Версия до 2.7.2 (исключая)

cpe:2.3:a:combodo:itop:2.7.3:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00288

Низкий

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

EPSS

Процентиль: 52%

0.00288

Низкий

7.7 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Уязвимость CVE-2020-4079