Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r | Vendor Advisory |
Configurations
History
06 Nov 2024, 14:31
Type | Values Removed | Values Added |
---|---|---|
First Time |
Combodo itop
Combodo |
|
CPE | cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:* | |
References | () https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r - Vendor Advisory |
05 Nov 2024, 16:04
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Nov 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-05 00:15
Updated : 2024-11-06 14:31
NVD link : CVE-2024-31998
Mitre link : CVE-2024-31998
CVE.ORG link : CVE-2024-31998
JSON object : View
Products Affected
combodo
- itop
CWE
CWE-352
Cross-Site Request Forgery (CSRF)