Vulnerabilities > CVE-2022-39216 - Unspecified vulnerability in Combodo Itop
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.
Vulnerable Configurations
References
- https://github.com/Combodo/iTop/commit/35a8b501c9e4e767ec4b36c2586f34d4ab66d229
- https://github.com/Combodo/iTop/commit/35a8b501c9e4e767ec4b36c2586f34d4ab66d229
- https://github.com/Combodo/iTop/commit/f10e9c2d64d0304777660a4f70f1e80850ea864b
- https://github.com/Combodo/iTop/commit/f10e9c2d64d0304777660a4f70f1e80850ea864b
- https://github.com/Combodo/iTop/security/advisories/GHSA-hggq-48p2-cmhm
- https://github.com/Combodo/iTop/security/advisories/GHSA-hggq-48p2-cmhm