Lucene search

GoogleOSV:CVE-2023-38511

HistoryApr 15, 2024 - 5:15 p.m.

CVE-2023-38511

2024-04-1517:15:06

Google

osv.dev

itop

it service management

full path disclosure

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1.

CPENameOperatorVersion
itopeq2.7.6
itopeq2.7.0-2
itopeq2.7.9
itopeq2.7.0-alpha1
itopeq3.0.2
itopeq2.7.0-rc2
itopeq2.7.8
itopeq3.0.3-designer-php8.0-compatibility
itopeq2.6.0-products
itopeq2.7.0-rc

Name	Operator	Version
itop	eq	2.7.6
itop	eq	2.7.0-2
itop	eq	2.7.9
itop	eq	2.7.0-alpha1
itop	eq	3.0.2
itop	eq	2.7.0-rc2
itop	eq	2.7.8
itop	eq	3.0.3-designer-php8.0-compatibility
itop	eq	2.6.0-products
itop	eq	2.7.0-rc

Rows per page:

1-10 of 631

References

github.com/Combodo/iTop/commit/343e87a8d4fc8253fd81aeaf0dcc424b9dc4eda7

github.com/Combodo/iTop/commit/89145593ef2e077529a6f7ee7cde712db637e1ab

github.com/Combodo/iTop/security/advisories/GHSA-323r-chx5-m9gm

www.synacktiv.com/advisories/file-read-in-itop

5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for OSV:CVE-2023-38511