CVE-2020-4079

Source
https://cve.org/CVERecord?id=CVE-2020-4079
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-4079.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-4079
Related
  • GHSA-vcv9-xp3j-7jwh
Published
2021-01-12T20:15:24.760Z
Modified
2025-11-14T11:00:41.299884Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
[none]
Details

Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the AJAX endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0.

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type
GIT
Repo
https://github.com/combodo/itop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.0-a
2.6.0-products
2.6.1
2.6.2
2.6.2-1
2.6.2-2
2.6.3
2.6.4
2.7.0
2.7.0-1
2.7.0-2
2.7.0-alpha1
2.7.0-beta
2.7.0-beta2
2.7.0-rc
2.7.0-rc2
2.7.1

Other

N1963
N2011
N2016
N941
N941-2
itop-carbon

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-4079.json"