iTop Platform Vulnerability Affects Restricted Access Files
CVE-2023-48710

9.8CRITICAL

Key Information:

Vendor: Combodo

Status: Vendor

CVE Published: 15 April 2024

What is CVE-2023-48710?

The iTop platform, developed by Combodo, is susceptible to a file access vulnerability that may allow unauthorized retrieval of files from the env-production folder. Although this directory is intended to have restricted access, improper configurations could expose sensitive data, particularly where third-party modules have been deployed. Recent updates address the issue by restricting which PHP files the pages/exec.php script will execute. The vulnerability is resolved in iTop versions 2.7.10, 3.0.4, 3.1.1, and 3.2.0.
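The fix described above works by restricting which scripts a dispatcher page will run. The following is an added illustration of that general pattern, written for this page and not taken from iTop's own code: a dispatcher that resolves a requested script against an explicit allowlist of directories and refuses anything whose canonical path escapes them. The directory names, the `script` request parameter and the `ScriptDispatcher` class are assumptions made for the example.

```php
<?php
// Illustrative hardening pattern (not iTop's code): only execute PHP files
// that live inside explicitly allowed directories, comparing canonical paths
// so that "../" sequences and symlinks cannot escape the allowlist.
declare(strict_types=1);

final class ScriptDispatcher
{
    /** @var string[] absolute, canonical directories with a trailing separator */
    private array $allowedRoots = [];

    /** @param string[] $allowedRoots directories scripts may be loaded from (assumed) */
    public function __construct(array $allowedRoots)
    {
        foreach ($allowedRoots as $root) {
            $real = realpath($root);
            if ($real === false || !is_dir($real)) {
                throw new InvalidArgumentException("Allowed root does not exist: $root");
            }
            $this->allowedRoots[] = rtrim($real, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        }
    }

    /**
     * Returns the canonical path of the script to execute, or null when the
     * request must be refused (bad characters, not a .php file, outside roots).
     */
    public function resolve(string $requested): ?string
    {
        // Reject NUL bytes, stream wrappers and anything but a plain relative .php path.
        if (strpos($requested, "\0") !== false
            || !preg_match('#^[A-Za-z0-9_./-]+\.php$#', $requested)
            || $requested[0] === '/') {
            return null;
        }
        foreach ($this->allowedRoots as $root) {
            $candidate = realpath($root . $requested);
            if ($candidate === false || !is_file($candidate)) {
                continue;
            }
            // The canonical path must start with the canonical root.
            if (strncmp($candidate, $root, strlen($root)) === 0) {
                return $candidate;
            }
        }
        return null;
    }
}

// Usage sketch; the module directory and the "script" parameter are placeholders.
$dispatcher = new ScriptDispatcher([__DIR__ . '/../env-production/allowed-module']);
$script = $dispatcher->resolve($_GET['script'] ?? '');
if ($script === null) {
    http_response_code(403);
    exit('Forbidden');
}
require $script;
```

The important detail is that the check is made on the result of `realpath()` on both sides, not on the raw request string: a prefix comparison of the user-supplied path alone is bypassable with traversal sequences, whereas the canonical path either lies under an allowed root or it does not.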

Affected Version(s)

iTop < 2.7.10

iTop >= 3.0.0, < 3.0.4

iTop >= 3.1.0, < 3.1.1

References

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
