Dismissed
CVE-2025-24022
8.6 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @LeSuisse Activity log
- Created automatic suggestion
- @LeSuisse removed 11 packages
  - nvitop
  - psitop
  - gitopper
  - weave-gitops
  - luaPackages.luabitop
  - lua51Packages.luabitop
  - lua52Packages.luabitop
  - luajitPackages.luabitop
  - tailscale-gitops-pusher
  - python312Packages.anitopy
  - python313Packages.anitopy
- @LeSuisse dismissed
iTop server vulnerable to portal code injection
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3, and 3.2.1.
References
- https://github.com/Combodo/iTop/security/advisories/GHSA-rhv2-wfrr-4j2j x_refsource_CONFIRM
- https://github.com/Combodo/iTop/commit/082d865efaf8a349b60fe3875e9c726c24f8a8bd x_refsource_MISC
- https://github.com/Combodo/iTop/commit/37fc1a572380f2faa67fddea5b1a3a4ba72ed54e x_refsource_MISC
- https://github.com/Combodo/iTop/commit/5780f26817c2303c5bdd0ad16e21d4d959780b0b x_refsource_MISC
Affected products
iTop
- ==>= 3.2.0, < 3.2.1
- ==< 2.7.12
- ==>= 3.0.0, < 3.1.3