Impact
CSRF tokens generated by privUITransactionFile aren't properly checked.
Workaround
Use the session implementation by adding the following to the iTop config file:
'transaction_storage' => 'Session',
Patches
Fixed in 2.7.6, 3.0.0
References
Combodo ref N°4289
Credits
@amammad / Huntr
For more information
huntr: Cross-Site Request Forgery (CSRF) PHP Vulnerability in itop
If you have any questions or comments about this advisory: Email us at itop-security@combodo.com