Portal: the CSRF token isn't validated

High
piRGoif published GHSA-9wq8-4qm9-3j6f Jul 20, 2021

Package

No package listed

Affected versions

< 2.7.4, < 3.0.0

Patched versions

2.7.4, 3.0.0

Description

Impact

CSRF token validation can be bypassed through the iTop portal via a tricky browser procedure.

Patches

Fixed in 2.7.4 and 3.0.0

References

Combodo ref N°3430

Credits

Many thanks to Mushrraf Baig Ashraf / https://sourceforge.net/u/mushrraf/profile/ for this report!

For more information

If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com

Severity

High

CVE ID

CVE-2021-21407

Weaknesses

No CWEs