Description
iTop is an open-source, web-based IT Service Management tool. In affected versions, an attacker can call the system setup without authentication. Given specific parameters, this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later.
References (3)
Third Party Advisory (x_refsource_confirm): https://github.com/Combodo/iTop/security/advisories/GHSA-ghqc-r8f6-q9m9
Patch, Third Party Advisory (x_refsource_misc): https://github.com/Combodo/iTop/commit/43daa2ef088bf928a2386fa19324628c3f19b807
Patch, Third Party Advisory (x_refsource_misc): https://github.com/Combodo/iTop/commit/6be9a87c150978752bc68baae1a5c4833ddadfec
Scores
CVSS v3: 8.7
EPSS: 0.0032
EPSS Percentile: 54.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Details
CWE: CWE-918
Status: published
Products (1): combodo/itop < 2.6.5
Published: Oct 19, 2021
Tracked Since: Feb 18, 2026