CVE-2024-52001

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-52001
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52001.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52001
Aliases
  • GHSA-9p26-v3wj-6q34
Published
2024-11-08T22:18:17.828Z
Modified
2025-12-05T07:19:13.753655Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Portal user is able to access forbidden services information in Combodo iTop
Details

Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific 
{
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52001.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/combodo/itop

Affected ranges

Type
GIT
Repo
https://github.com/combodo/itop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0ee1818f12583de75babc5c9e4fd6428cc8fdb73

Affected versions

1.*

1.0.8

2.*

2.5.1
2.5.2
2.5.3
2.5.4
2.6.0
2.6.0-a
2.6.0-products
2.6.1
2.6.2
2.6.2-1
2.6.2-2
2.6.3
2.6.4
2.7.0
2.7.0-1
2.7.0-2
2.7.0-alpha1
2.7.0-beta
2.7.0-beta2
2.7.0-rc
2.7.0-rc2
2.7.1
2.7.10
2.7.2
2.7.2-1
2.7.3
2.7.3-1
2.7.3-2
2.7.4
2.7.5
2.7.5-1
2.7.5-2
2.7.6
2.7.7
2.7.8
2.7.9

Other

3
N1963
N2011
N2016
N941
N941-2
itop-carbon

3.*

3.0.0
3.0.0-alpha
3.0.0-beta
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-beta5
3.0.0-beta6
3.0.0-beta7
3.0.0-beta8
3.0.0-rc
3.0.1
3.0.1-designer-feature-lot1
3.0.1-designer-feature-lot2
3.0.2
3.0.2-1
3.0.2-rc1
3.0.3
3.0.3-1
3.0.3-designer-php8.0-compatibility
3.0.4
3.1.0
3.1.0-1
3.1.0-2
3.1.0-3
3.1.0-alpha1
3.1.0-beta
3.1.0-designer-2
3.1.1
3.1.1-1
3.1.1-2
3.2.0-alpha1
3.2.0-beta1
3.2.0-rc1
3.2.0-rc2
3.2.0-rc3

ITSM_Designer_3.*

ITSM_Designer_3.1-compatibility

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52001.json"