CVE-2024-52601
- Source
- https://cve.org/CVERecord?id=CVE-2024-52601
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52601.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-52601
- Aliases
-
- GHSA-cph2-466c-3f87
- Published
- 2025-05-14T14:39:15.120Z
- Modified
- 2026-04-10T05:12:21.773166Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- iTop portal Insecure Direct Object Reference vulnerability
- Details
-
iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.
- Database specific
{ "cwe_ids": [ "CWE-639" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52601.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/combodo/itop
Affected ranges
- Type
- GIT
- Repo
- https://github.com/combodo/itop
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "2.7.12" } ] }