Vulnerability Details CVE-2023-38511
iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.4%
CVSS Severity
CVSS v3 Score 5.0
References
- https://github.com/Combodo/iTop/commit/343e87a8d4fc8253fd81aeaf0dcc424b9dc4eda7
- https://github.com/Combodo/iTop/commit/89145593ef2e077529a6f7ee7cde712db637e1ab
- https://github.com/Combodo/iTop/security/advisories/GHSA-323r-chx5-m9gm
- https://www.synacktiv.com/advisories/file-read-in-itop
- https://github.com/Combodo/iTop/commit/343e87a8d4fc8253fd81aeaf0dcc424b9dc4eda7
- https://github.com/Combodo/iTop/commit/89145593ef2e077529a6f7ee7cde712db637e1ab
- https://github.com/Combodo/iTop/security/advisories/GHSA-323r-chx5-m9gm
- https://www.synacktiv.com/advisories/file-read-in-itop
Products affected by CVE-2023-38511
-
cpe:2.3:a:combodo:itop:3.0.0
-
cpe:2.3:a:combodo:itop:3.0.1
-
cpe:2.3:a:combodo:itop:3.0.2
-
cpe:2.3:a:combodo:itop:3.0.2-1
-
cpe:2.3:a:combodo:itop:3.0.3
-
cpe:2.3:a:combodo:itop:3.1.0
-
cpe:2.3:a:combodo:itop:3.1.0-2-11973