OpenCVE

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Combodo	Itop

Configuration 1 [-]

OR	cpe:2.3:a:combodo:itop::::::::
	cpe:2.3:a:combodo:itop::::::::
	cpe:2.3:a:combodo:itop::::::::

No data.

References

Link	Providers
https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx

History

Wed, 13 Nov 2024 01:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Tue, 05 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Combodo Combodo itop
CPEs		cpe:2.3:a:combodo:itop::::::::
Vendors & Products		Combodo Combodo itop
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 04 Nov 2024 23:45:00 +0000

Type	Values Removed	Values Added
Description		Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Title		iTop hub connector Information disclosure
Weaknesses		CWE-200
References		https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx
Metrics		cvssV3_1 `{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-04T23:36:46.265Z

Updated: 2024-11-05T16:26:44.887Z

Reserved: 2024-04-19T14:07:11.229Z

Link: CVE-2024-32870

Vulnrichment

Updated: 2024-11-05T16:26:39.128Z

NVD

Status : Analyzed

Published: 2024-11-05T00:15:04.297

Modified: 2024-11-13T01:07:24.057

Link: CVE-2024-32870

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32870", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-19T14:07:11.229Z", "datePublished": "2024-11-04T23:36:46.265Z", "dateUpdated": "2024-11-05T16:26:44.887Z"}, "containers": {"cna": {"title": "iTop hub connector Information disclosure", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx"}], "affected": [{"vendor": "Combodo", "product": "iTop", "versions": [{"version": "< 2.7.11", "status": "affected"}, {"version": ">= 3.0.0, < 3.0.5", "status": "affected"}, {"version": ">= 3.1.0, < 3.1.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-04T23:36:46.265Z"}, "descriptions": [{"lang": "en", "value": "Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}], "source": {"advisory": "GHSA-rfjh-2f5x-qxmx", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "combodo", "product": "itop", "cpes": ["cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.7.11", "versionType": "custom"}, {"version": "3.0.0", "status": "affected", "lessThan": "3.0.5", "versionType": "custom"}, {"version": "3.1.0", "status": "affected", "lessThan": "3.1.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-05T16:25:00.433322Z", "id": "CVE-2024-32870", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-05T16:26:44.887Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "iTop hub connector Information disclosure", "source": {"advisory": "GHSA-rfjh-2f5x-qxmx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Combodo", "product": "iTop", "versions": [{"status": "affected", "version": "< 2.7.11"}, {"status": "affected", "version": ">= 3.0.0, < 3.0.5"}, {"status": "affected", "version": ">= 3.1.0, < 3.1.2"}]}], "references": [{"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx", "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-04T23:36:46.265Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32870", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-05T16:25:00.433322Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*"], "vendor": "combodo", "product": "itop", "versions": [{"status": "affected", "version": "0", "lessThan": "2.7.11", "versionType": "custom"}, {"status": "affected", "version": "3.0.0", "lessThan": "3.0.5", "versionType": "custom"}, {"status": "affected", "version": "3.1.0", "lessThan": "3.1.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2024-11-05T16:26:39.128Z"}}]}, "cveMetadata": {"cveId": "CVE-2024-32870", "state": "PUBLISHED", "dateUpdated": "2024-11-04T23:36:46.265Z", "dateReserved": "2024-04-19T14:07:11.229Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-11-04T23:36:46.265Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BF82095-AA7D-454F-9228-78EC4D8CD5CE", "versionEndExcluding": "2.7.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB27E0C9-520F-4289-AB31-A4DDAD763F52", "versionEndExcluding": "3.0.5", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", "matchCriteriaId": "88B32C5C-D9F9-4719-ACA5-217D1E696D4C", "versionEndExcluding": "3.1.2", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. Cualquier persona que tenga acceso a la URI de iTop puede leer la informaci\u00f3n del servidor, el sistema operativo, el DBMS, PHP e iTop (nombre, versi\u00f3n y par\u00e1metros). Este problema se ha corregido en las versiones 2.7.11, 3.0.5, 3.1.2 y 3.2.0. Se recomienda a los usuarios que actualicen la versi\u00f3n. No se conocen soluciones alternativas para esta vulnerabilidad."}], "id": "CVE-2024-32870", "lastModified": "2024-11-13T01:07:24.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-11-05T00:15:04.297", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-rfjh-2f5x-qxmx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}