CVE-2024-31998 | THREATINT

Description

Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

PUBLISHED Reserved 2024-04-08 | Published 2024-11-04 | Updated 2024-11-05 | Assigner GitHub_M

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-352: Cross-Site Request Forgery (CSRF)

Product status

< 3.1.2

affected

References

github.com/...o/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r

cve.org (CVE-2024-31998)

nvd.nist.gov (CVE-2024-31998)