CVE-2024-31998

Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*

History

06 Nov 2024, 14:31

Type Values Removed Values Added
First Time Combodo itop
Combodo
CPE cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
References () https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r - () https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r - Vendor Advisory

05 Nov 2024, 16:04

Type Values Removed Values Added
Summary
  • (es) Combodo iTop es una herramienta de gestión de servicios de TI sencilla y basada en la web. Se puede ejecutar un CSRF en la simulación de importación de CSV. Este problema se ha solucionado en las versiones 3.1.2 y 3.2.0. Se recomienda a todos los usuarios que actualicen la versión. No se conocen workarounds para esta vulnerabilidad.

05 Nov 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-05 00:15

Updated : 2024-11-06 14:31


NVD link : CVE-2024-31998

Mitre link : CVE-2024-31998

CVE.ORG link : CVE-2024-31998


JSON object : View

Products Affected

combodo

  • itop
CWE
CWE-352

Cross-Site Request Forgery (CSRF)