Vulnerability-Lookup

CVE-2020-12781 (GCVE-0-2020-12781)

Vulnerability from cvelistv5 – Published: 2020-08-10 02:45 – Updated: 2024-09-16 23:26

Title

Combodo iTop - CSRF

Summary

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.

Severity ?

5.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

twcert

References

URL

Tags

	https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html	x_refsource_MISC
	https://github.com/Combodo/iTop/security/advisori…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Combodo	iTop	Affected: 0 , ≤ 2.7.0-beta2 (custom)

Date Public ?

2020-08-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iTop",
          "vendor": "Combodo",
          "versions": [
            {
              "lessThanOrEqual": "2.7.0-beta2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-08-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-25T16:14:33.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to version 2.7.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Combodo iTop - CSRF",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2020-08-10T03:00:00.000Z",
          "ID": "CVE-2020-12781",
          "STATE": "PUBLIC",
          "TITLE": "Combodo iTop - CSRF"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iTop",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "0",
                            "version_value": "2.7.0-beta2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Combodo"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html"
            },
            {
              "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v",
              "refsource": "MISC",
              "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to version 2.7.1"
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2020-12781",
    "datePublished": "2020-08-10T02:45:39.815Z",
    "dateReserved": "2020-05-11T00:00:00.000Z",
    "dateUpdated": "2024-09-16T23:26:00.002Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-12781",
      "date": "2026-04-25",
      "epss": "0.00131",
      "percentile": "0.32369"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.7.1\", \"matchCriteriaId\": \"C771A6AC-CD9B-4F48-8A78-1C3685E2E408\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"608F63C6-0F54-47D8-BFD5-FB5511BDB548\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD7E6A6A-9B1D-4BA7-9A58-ACEE1ABC46EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F94E71-E468-4765-9A44-FCD9121DC414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF68C176-A8C3-4C88-A344-74CB0E682987\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"997A26DD-11A4-4D9F-8F6C-845068AE605C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"06061D47-3252-4ED4-9423-600027D39551\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:beta5:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5DFEEA5-6FB7-4583-A13C-B2EE74502B81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:beta6:*:*:*:*:*:*\", \"matchCriteriaId\": \"D373FD25-9994-4D19-A636-59E9B775D673\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:beta7:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2FE726A-3EF3-497C-8C8E-7F90358AE172\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:beta8:*:*:*:*:*:*\", \"matchCriteriaId\": \"75603E37-CC69-433A-9450-8FCAD26DAA49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:combodo:itop:3.0.0:rc:*:*:*:*:*:*\", \"matchCriteriaId\": \"D50B0423-B58B-44DC-A02E-75645DA683B4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.\"}, {\"lang\": \"es\", \"value\": \"Combodo iTop contiene una vulnerabilidad de tipo cross-site request forgery (CSRF), los atacantes pueden ejecutar comandos espec\\u00edficos por medio de la falsificaci\\u00f3n de peticiones de un sitio malicioso\"}]",
      "id": "CVE-2020-12781",
      "lastModified": "2024-11-21T05:00:16.930",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-08-10T03:15:12.857",
      "references": "[{\"url\": \"https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v\", \"source\": \"twcert@cert.org.tw\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html\", \"source\": \"twcert@cert.org.tw\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "twcert@cert.org.tw",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-12781\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2020-08-10T03:15:12.857\",\"lastModified\":\"2024-11-21T05:00:16.930\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.\"},{\"lang\":\"es\",\"value\":\"Combodo iTop contiene una vulnerabilidad de tipo cross-site request forgery (CSRF), los atacantes pueden ejecutar comandos espec\u00edficos por medio de la falsificaci\u00f3n de peticiones de un sitio malicioso\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.1\",\"matchCriteriaId\":\"C771A6AC-CD9B-4F48-8A78-1C3685E2E408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"608F63C6-0F54-47D8-BFD5-FB5511BDB548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD7E6A6A-9B1D-4BA7-9A58-ACEE1ABC46EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F94E71-E468-4765-9A44-FCD9121DC414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF68C176-A8C3-4C88-A344-74CB0E682987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"997A26DD-11A4-4D9F-8F6C-845068AE605C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"06061D47-3252-4ED4-9423-600027D39551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5DFEEA5-6FB7-4583-A13C-B2EE74502B81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:beta6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D373FD25-9994-4D19-A636-59E9B775D673\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:beta7:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2FE726A-3EF3-497C-8C8E-7F90358AE172\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:beta8:*:*:*:*:*:*\",\"matchCriteriaId\":\"75603E37-CC69-433A-9450-8FCAD26DAA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:combodo:itop:3.0.0:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50B0423-B58B-44DC-A02E-75645DA683B4\"}]}]}],\"references\":[{\"url\":\"https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

GSD-2020-12781

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.

Aliases

CVE-2020-12781

Aliases

CVE-2020-12781

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-12781",
    "description": "Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.",
    "id": "GSD-2020-12781"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-12781"
      ],
      "details": "Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.",
      "id": "GSD-2020-12781",
      "modified": "2023-12-13T01:21:49.653474Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "AKA": "TWCERT/CC",
        "ASSIGNER": "cve@cert.org.tw",
        "DATE_PUBLIC": "2020-08-10T03:00:00.000Z",
        "ID": "CVE-2020-12781",
        "STATE": "PUBLIC",
        "TITLE": "Combodo iTop - CSRF"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iTop",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "2.7.0-beta2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Combodo"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html",
            "refsource": "MISC",
            "url": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html"
          },
          {
            "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v",
            "refsource": "MISC",
            "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Update to version 2.7.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:beta6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:beta7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:beta8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:combodo:itop:3.0.0:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@cert.org.tw",
          "ID": "CVE-2020-12781"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html"
            },
            {
              "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-01-20T20:57Z",
      "publishedDate": "2020-08-10T03:15Z"
    }
  }
}

FKIE_CVE-2020-12781

Vulnerability from fkie_nvd - Published: 2020-08-10 03:15 - Updated: 2024-11-21 05:00

Severity ?

5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.

References

URL	Tags
twcert@cert.org.tw	https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v	Third Party Advisory
twcert@cert.org.tw	https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html	Third Party Advisory

Impacted products

Vendor	Product	Version
combodo	itop	*
combodo	itop	3.0.0
combodo	itop	3.0.0
combodo	itop	3.0.0
combodo	itop	3.0.0
combodo	itop	3.0.0
combodo	itop	3.0.0
combodo	itop	3.0.0
combodo	itop	3.0.0
combodo	itop	3.0.0
combodo	itop	3.0.0
combodo	itop	3.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C771A6AC-CD9B-4F48-8A78-1C3685E2E408",
              "versionEndExcluding": "2.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "608F63C6-0F54-47D8-BFD5-FB5511BDB548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "DD7E6A6A-9B1D-4BA7-9A58-ACEE1ABC46EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E0F94E71-E468-4765-9A44-FCD9121DC414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "AF68C176-A8C3-4C88-A344-74CB0E682987",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "997A26DD-11A4-4D9F-8F6C-845068AE605C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "06061D47-3252-4ED4-9423-600027D39551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "A5DFEEA5-6FB7-4583-A13C-B2EE74502B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "D373FD25-9994-4D19-A636-59E9B775D673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "A2FE726A-3EF3-497C-8C8E-7F90358AE172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "75603E37-CC69-433A-9450-8FCAD26DAA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:combodo:itop:3.0.0:rc:*:*:*:*:*:*",
              "matchCriteriaId": "D50B0423-B58B-44DC-A02E-75645DA683B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery."
    },
    {
      "lang": "es",
      "value": "Combodo iTop contiene una vulnerabilidad de tipo cross-site request forgery (CSRF), los atacantes pueden ejecutar comandos espec\u00edficos por medio de la falsificaci\u00f3n de peticiones de un sitio malicioso"
    }
  ],
  "id": "CVE-2020-12781",
  "lastModified": "2024-11-21T05:00:16.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 3.6,
        "source": "twcert@cert.org.tw",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-10T03:15:12.857",
  "references": [
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v"
    },
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html"
    }
  ],
  "sourceIdentifier": "twcert@cert.org.tw",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "twcert@cert.org.tw",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MW42-FPX9-595R

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2023-01-20 21:30

Details

Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-12781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-10T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.",
  "id": "GHSA-mw42-fpx9-595r",
  "modified": "2023-01-20T21:30:26Z",
  "published": "2022-05-24T17:25:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-34rq-vfmf-gg5v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12781"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-3837-050db-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-12781 (GCVE-0-2020-12781)

GSD-2020-12781

FKIE_CVE-2020-12781

GHSA-MW42-FPX9-595R

Tags

Sightings

Nomenclature