Exploit Report

Computer Security And Bug Information

CVE-2022-39216

CVE: CVE-2022-39216
CVE Title:
Published Date: 2023-03-14T16:15Z
Modified Date: 2023-03-19T03:56Z
CWE Type: CWE-330
CVSS 3.x: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description: Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.
References
Reference URL: https://github.com/Combodo/iTop/commit/35a8b501c9e4e767ec4b36c2586f34d4ab66d229 (MISC)
Reference URL: https://github.com/Combodo/iTop/security/advisories/GHSA-hggq-48p2-cmhm (MISC)
Reference URL: https://github.com/Combodo/iTop/commit/f10e9c2d64d0304777660a4f70f1e80850ea864b (MISC)
Tags: Patch
Sources: NIST, MITRE
