CVE-2024-52002

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-52002
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52002.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-52002
Aliases
  • GHSA-xr4x-xq7v-7gqm
Published
2024-11-08T23:15:04Z
Modified
2025-01-08T16:27:14.459562Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type
GIT
Repo
https://github.com/combodo/itop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.8

2.*

2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.0-a
2.6.0-products
2.6.1
2.6.2
2.6.2-1
2.6.2-2
2.6.3
2.6.4
2.7.0
2.7.0-1
2.7.0-2
2.7.0-alpha1
2.7.0-beta
2.7.0-beta2
2.7.0-rc
2.7.0-rc2
2.7.1
2.7.10
2.7.2
2.7.2-1
2.7.3
2.7.3-1
2.7.3-2
2.7.4
2.7.5
2.7.5-1
2.7.5-2
2.7.6
2.7.7
2.7.8
2.7.9

Other

3
N1963
N2011
N2016
N941
N941-2
itop-carbon

3.*

3.0.0
3.0.0-alpha
3.0.0-beta
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-beta5
3.0.0-beta6
3.0.0-beta7
3.0.0-beta8
3.0.0-rc
3.0.1
3.0.1-designer-feature-lot1
3.0.1-designer-feature-lot2
3.0.2
3.0.2-1
3.0.2-rc1
3.0.3
3.0.3-1
3.0.3-designer-php8.0-compatibility
3.0.4
3.1.0
3.1.0-1
3.1.0-2
3.1.0-3
3.1.0-alpha1
3.1.0-beta
3.1.0-designer-2
3.1.1
3.1.1-1
3.1.1-2
3.2.0-alpha1
3.2.0-beta1
3.2.0-rc1
3.2.0-rc2
3.2.0-rc3

ITSM_Designer_3.*

ITSM_Designer_3.1-compatibility