CVE-2024-54139

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-54139
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue.

7.9 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://github.com/Combodo/iTop/security/advisories/GHSA-jmv2-wfh5-h5wg Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:rc3:*:*:*:*:*:*
History

11 Mar 2025, 16:44

Type Values Removed Values Added
First Time Combodo itop
Combodo
CPE cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:combodo:itop:3.2.0:beta1:*:*:*:*:*:*
References () https://github.com/Combodo/iTop/security/advisories/GHSA-jmv2-wfh5-h5wg - () https://github.com/Combodo/iTop/security/advisories/GHSA-jmv2-wfh5-h5wg - Vendor Advisory
Summary
  • (es) Combodo iTop es una plataforma de gestión de servicios de TI basada en la web y de código abierto. En versiones anteriores a las 2.7.11, 3.1.2 y 3.2.0, iTop presenta una vulnerabilidad de cross-site scripting que puede provocar cross-site request forgery en el parámetro `_table_id`. Las versiones 2.7.11, 3.1.2 y 3.2.0 contienen un parche para solucionar el problema.

13 Dec 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-13 16:15

Updated : 2025-03-11 16:44

NVD link : CVE-2024-54139

Mitre link : CVE-2024-54139

CVE.ORG link : CVE-2024-54139

JSON object : View

Products Affected

combodo

  • itop
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-352

Cross-Site Request Forgery (CSRF)