CVE-2024-51993

Source
https://cve.org/CVERecord?id=CVE-2024-51993
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51993.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-51993
Aliases
  • GHSA-9mq5-349x-x427
Published
2024-11-07T17:59:18.617Z
Modified
2026-04-10T05:14:58.581714Z
Severity
  • 3.4 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Summary
Password is stored in clear in the database in Combodo iTop
Details

Combodo iTop is a web-based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their backups independently of the iTop application.

Patches

Sanitize parameter

References

N°7631 - Password is stored in clear in the database.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-312"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/51xxx/CVE-2024-51993.json"
}

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type
GIT
Repo
https://github.com/combodo/itop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*
2.7.0-alpha1
2.7.0-beta
2.7.0-beta2
3.*
3.1.0-alpha1
3.2.0-alpha1
3.2.0-rc1
3.2.0-rc2
3.2.0-rc3
ITSM_Designer_3.*
ITSM_Designer_3.1-compatibility

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51993.json"