CVE-2021-32776

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
combodoitop
𝑥
< 2.7.4
combodoitop
3.0.0:alpha
combodoitop
3.0.0:beta
combodoitop
3.0.0:beta2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Combodo/iTop/security/advisories/GHSA-cxw7-2x7h-f7pr
https://github.com/Combodo/iTop/security/advisories/GHSA-cxw7-2x7h-f7pr