CVE-2021-32776

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
GitHub_MCNA
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
combodoitop
𝑥
< 2.7.4
combodoitop
3.0.0:alpha
combodoitop
3.0.0:beta
combodoitop
3.0.0:beta2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Combodo/iTop/security/advisories/GHSA-cxw7-2x7h-f7pr
https://github.com/Combodo/iTop/security/advisories/GHSA-cxw7-2x7h-f7pr