CVE-2019-19821
Published 2020-03-16
Priority: P348
Severity: high (CVSS 3.1 base score 8.1)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 1.43% (69.7th percentile)
A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions 2.5.4, 2.6.3 and 2.7.0.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| combodo | itop | < 2.7 | 2.7 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| NVD | 2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References

- https://github.com/Combodo/iTop/security/advisories/GHSA-2gfp-2qvh-9796
- https://www.combodo.com/itop-193
- https://www.pentagrid.ch/de/blog/security_issues_in_teampasswordmanager_and_combodo_itop/