iTop is an open-source, web-based IT Service Management tool. In affected versions, an attacker can call the system setup without authentication. Given specific parameters, this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later.
References
| Link | Resource |
|---|---|
| https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807 | Patch, Third Party Advisory |
| https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec | Patch, Third Party Advisory |
| https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-10-19T17:40:11
Updated: 2021-10-19T17:40:11
Reserved: 2021-05-12T00:00:00
Link: CVE-2021-32663
NVD Information
Status: Analyzed
Published: 2021-10-19T18:15:07.783
Modified: 2021-10-22T20:49:49.767
Link: CVE-2021-32663
Redhat Information
No data.
CWE