Lucene search

K

GoogleOSV:CVE-2022-24780

HistoryApr 05, 2022 - 7:15 p.m.

CVE-2022-24780

2022-04-0519:15:08

Google

osv.dev

3

7.5 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.7%

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

CPENameOperatorVersion
itopeq2.6.0
itopeq2.7.3
itopeqN2011
itopeq2.7.0-beta2
itopeqN941-2
itopeq2.7.3-1
itopeqitop-carbon
itopeq2.7.0-1
itopeq2.6.3
itopeq2.7.2-1

Rows per page:

1-10 of 381

References

packetstormsecurity.com/files/167236/iTop-Remote-Command-Execution.html

github.com/Combodo/iTop/commit/93f273a28778e5da8e51096f021d2dc1adbf4ef3

github.com/Combodo/iTop/commit/b6fac4b411b8d145fc30fa35c66b51243eafd06b

github.com/Combodo/iTop/commit/eb2a615bd28100442c7f6171707bb40884af2305

github.com/Combodo/iTop/security/advisories/GHSA-v97m-wgxq-rh54

markus-krell.de/itop-template-injection-inside-customer-portal/

7.5 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.7%

Related for OSV:CVE-2022-24780

cve1 githubexploit1 prion1 nvd1 packetstorm1 zdt1 cvelist1