6.8
CVE-2020-15218
- EPSS 0.76%
- Veröffentlicht 13.01.2021 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:05:06
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginAdmin pages are cached and can be embedded
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.506 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:P/I:N/A:N
|
| security-advisories@github.com | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
https://github.com/Combodo/iTop/security/advisories/GHSA-3m3g-86hp-5p2j