CVE-2019-19821

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-19821

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19821.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-19821

Related

GHSA-2gfp-2qvh-9796

Published

2020-03-16T18:15:12Z

Modified

2025-01-14T07:53:52.068710Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not following the HTTP Location header in server responses. This is fixed in all iTop packages (community, essential, professional) in versions : 2.5.4, 2.6.3, 2.7.0

References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type: GIT
Repo: https://github.com/combodo/itop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

46151c87c09ed4f85cd22e1c522d036e4f99ce96

Affected versions

2.*

2.5.1

2.5.2

2.5.3

2.5.4

2.6.0

2.6.0-a

2.6.0-products

2.6.1

2.6.2

2.6.2-1

2.6.2-2

2.6.3

2.7.0-alpha1

2.7.0-beta

2.7.0-beta2

2.7.0-rc

Other

N1963

N2011

N2016

N941

N941-2

itop-carbon