CVE-2022-39216

Опубликовано: 14 мар. 2023

Источник: nvd

CVSS3: 7.4

CVSS3: 9.8

EPSS Низкий

Описание

Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.

Ссылки

https://github.com/Combodo/iTop/commit/35a8b501c9e4e767ec4b36c2586f34d4ab66d229
Patch
https://github.com/Combodo/iTop/commit/f10e9c2d64d0304777660a4f70f1e80850ea864b
Patch
https://github.com/Combodo/iTop/security/advisories/GHSA-hggq-48p2-cmhm
Vendor Advisory
https://github.com/Combodo/iTop/commit/35a8b501c9e4e767ec4b36c2586f34d4ab66d229
Patch
https://github.com/Combodo/iTop/commit/f10e9c2d64d0304777660a4f70f1e80850ea864b
Patch
https://github.com/Combodo/iTop/security/advisories/GHSA-hggq-48p2-cmhm
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

Версия от 2.0.2 (исключая) до 2.7.8 (исключая)

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

Версия от 3.0.0 (исключая) до 3.0.2-1 (исключая)

EPSS

Процентиль: 53%

0.00307

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-330

EPSS

Процентиль: 53%

0.00307

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-330