Все бюллетени/sisyphus_loongarch64/ALT-PU-2025-8695-1
ALT-PU-2025-8695-1

Обновление пакета itop в ветке sisyphus_loongarch64

Версия3.2.1.1-alt1
Задание#0
Опубликовано2025-06-29
Макс. серьёзностьHIGH
Серьёзность:

Закрытые проблемы (5)

CVE-2024-52601
MEDIUM6.5

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to objects they're not allowed to see by querying an unprotected route. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

Опубликовано: 2025-05-14Изменено: 2025-08-01
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Ссылки
CVE-2024-56157
MEDIUM6.3

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this content. The issue is fixed in versions 3.1.3 and 3.2.1. As a workaround, check CSV content before importing it.

Опубликовано: 2025-05-14Изменено: 2025-08-01
CVSS 3.xСРЕДНЯЯ 6.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Ссылки
CVE-2025-24021
MEDIUM5.0

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue.

Опубликовано: 2025-05-14Изменено: 2025-08-22
CVSS 3.xСРЕДНЯЯ 5.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Ссылки
CVE-2025-24022
HIGH8.5

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.

Опубликовано: 2025-05-14Изменено: 2026-01-16
CVSS 3.xВЫСОКАЯ 8.5
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Ссылки
CVE-2025-24026
MEDIUM5.3

iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop app_root_url is defined in the configuration file, then there is no possible way to exploit this ReDoS.

Опубликовано: 2025-05-14Изменено: 2025-08-01
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Ссылки