iTop is an IT service management platform. Files from the `env-production` folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The `pages/exec.php` script as been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed. The vulnerability is fixed in 2.7.10, 3.0.4, 3.1.1, and 3.2.0.
The `pages/exec.php` script did not properly restrict the types of files that could be downloaded and returned to the user. As a result, an attacker without any authentication could use a simple network request to download any file from the `env-production` folder. The patch limits the script's operation exclusively to executing PHP files, blocking the download of other file types.
An attacker can gain unauthorized access to potentially sensitive configuration files or data left by third-party modules, which may lead to disclosure of confidential information and, as a consequence, to complete system takeover.
iTop should be updated to version 2.7.10, 3.0.4, 3.1.1 or 3.2.0, in which the vulnerability has been fixed. Details are available in the vendor references and in the security advisory on GitHub.
Combodo iTop in all versions before 2.7.10, 3.0.4, 3.1.1 and 3.2.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCombodo Itop
APPCombodo< 2.7.103.0.0 – 3.0.4 (bez)3.1.0 – 3.1.1 (bez)
Related vulnerabilities
Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1,...
Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render...
Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page d...
Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, an administrato...
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to c...