CVE-2023-48710

EUVD-2023-52747

15.04.2024, 18:15

iTop is an IT service management platform.  Files from the `env-production` folder can be retrieved even though they should have restricted access.  Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. 
 The `pages/exec.php` script as been fixed to limit execution of PHP files only.  Other file types won't be retrieved and exposed.  The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
combodo	itop	𝑥 < 2.7.10
combodo	itop	3.0.0 ≤ 𝑥 < 3.0.4
combodo	itop	3.1.0 ≤ 𝑥 < 3.1.1

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
combodo	itop	𝑥 < 2.7.10	ADP
combodo	itop	3.0.0 ≤ 𝑥 < 3.0.4	ADP
combodo	itop	3.1.0 ≤ 𝑥 < 3.1.1	ADP

Common Weakness Enumeration

CWE-552 - Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.

References

https://github.com/Combodo/iTop/commit/3b2da39469f7a4636ed250ed0d33f4efff38be26

https://github.com/Combodo/iTop/security/advisories/GHSA-g652-q7cc-7hfc

https://github.com/Combodo/iTop/commit/3b2da39469f7a4636ed250ed0d33f4efff38be26

https://github.com/Combodo/iTop/security/advisories/GHSA-g652-q7cc-7hfc