CVE-2024-32870
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-32870
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32870.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-32870
- Aliases
-
- GHSA-rfjh-2f5x-qxmx
- Published
- 2024-11-04T23:36:46.265Z
- Modified
- 2025-12-05T04:20:40.249400Z
- Severity
-
- 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS Calculator
- Summary
- iTop hub connector Information disclosure
- Details
-
Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info (name, version and parameters) can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32870.json", "cwe_ids": [ "CWE-200" ] }- References
Affected packages
Git / github.com/combodo/itop
Affected ranges
Affected versions
1.*
1.0.8
2.*
2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.0-a
2.6.0-products
2.6.1
2.6.2
2.6.2-1
2.6.2-2
2.6.3
2.6.4
2.7.0
2.7.0-1
2.7.0-2
2.7.0-alpha1
2.7.0-beta
2.7.0-beta2
2.7.0-rc
2.7.0-rc2
2.7.1
2.7.10
2.7.11
2.7.2
2.7.2-1
2.7.3
2.7.3-1
2.7.3-2
2.7.4
2.7.5
2.7.5-1
2.7.5-2
2.7.6
2.7.7
2.7.8
2.7.9
3.*
3.0.4
3.1.0
3.1.0-1
3.1.0-2
3.1.0-3
3.1.0-designer-2
3.1.1
3.1.1-1
3.1.1-2
Other
N1963
N2011
N2016
N941
N941-2
itop-carbon