CVE-2020-4079

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly it allows getting data without scope filtering. This allows a user to access data they which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:2.7.3:*:*:*:*:*:*:*

History

14 Jan 2021, 17:26

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 7.7
References (CONFIRM) https://github.com/Combodo/iTop/security/advisories/GHSA-vcv9-xp3j-7jwh - (CONFIRM) https://github.com/Combodo/iTop/security/advisories/GHSA-vcv9-xp3j-7jwh - Third Party Advisory
CPE cpe:2.3:a:combodo:itop:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

12 Jan 2021, 20:24

Type Values Removed Values Added
New CVE

Information

Published : 2021-01-12 20:15

Updated : 2023-12-10 13:41


NVD link : CVE-2020-4079

Mitre link : CVE-2020-4079

CVE.ORG link : CVE-2020-4079


JSON object : View

Products Affected

combodo

  • itop
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor