CVE-2021-32776

EUVD-2021-19540
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, CSRF tokens can be reused by a malicious user, as on Windows servers no cleanup is done on CSRF tokens. This issue is fixed in versions 2.7.4 and 3.0.0.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
GitHub_MCNA
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
combodoitop
𝑥
< 2.7.4
combodoitop
3.0.0:alpha
combodoitop
3.0.0:beta
combodoitop
3.0.0:beta2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Combodo/iTop/security/advisories/GHSA-cxw7-2x7h-f7pr
https://github.com/Combodo/iTop/security/advisories/GHSA-cxw7-2x7h-f7pr