Impact
When called directly, the AJAX endpoint for the portal's "excel export" functionality returns data without scope filtering applied.
Patches
Fixed in 2.7.2 and 3.0.0
Credits
Many thanks to SEB / Intrinsec for this report!
References
Combodo ref N°3111
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com