CVE-2022-39214 - Unspecified vulnerability in Combodo Itop
- Attack vector: NETWORK
- Attack complexity: HIGH
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.
References
- https://github.com/Combodo/iTop/commit/4c1df9927d1dc6b0181ee20721f93346def026fd
- https://github.com/Combodo/iTop/commit/bdebea62b642622ed71410b26c81e8537e6e58fa
- https://github.com/Combodo/iTop/security/advisories/GHSA-vj96-j84g-jhx4