nvd-json-data-feeds/CVE-2024/CVE-2024-319xx/CVE-2024-31998.json

{
  "id": "CVE-2024-31998",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-11-05T00:15:04.083",
  "lastModified": "2024-11-06T14:31:46.643",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
    },
    {
      "lang": "es",
      "value": " Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. Se puede ejecutar un CSRF en la simulaci\u00f3n de importaci\u00f3n de CSV. Este problema se ha solucionado en las versiones 3.1.2 y 3.2.0. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "3.1.2",
              "matchCriteriaId": "4B1E5E6E-1398-4908-9D8F-25C8C667F3D2"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r",
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`{`
			`"id": "CVE-2024-31998",`
			`"sourceIdentifier": "security-advisories@github.com",`
			`"published": "2024-11-05T00:15:04.083",`
Auto-Update: 2024-11-06T15:00:48.258634+00:00 2024-11-06 15:03:50 +00:00			`"lastModified": "2024-11-06T14:31:46.643",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."`
Auto-Update: 2024-11-05T17:00:21.906678+00:00 2024-11-05 17:03:22 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": " Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. Se puede ejecutar un CSRF en la simulaci\u00f3n de importaci\u00f3n de CSV. Este problema se ha solucionado en las versiones 3.1.2 y 3.2.0. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."`
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
Auto-Update: 2024-11-06T15:00:48.258634+00:00 2024-11-06 15:03:50 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "security-advisories@github.com",`
			`"type": "Secondary",`
Auto-Update: 2024-11-06T15:00:48.258634+00:00 2024-11-06 15:03:50 +00:00			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2024-11-06T15:00:48.258634+00:00 2024-11-06 15:03:50 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "HIGH"`
Auto-Update: 2024-11-06T15:00:48.258634+00:00 2024-11-06 15:03:50 +00:00			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 5.9`
			`},`
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "HIGH"`
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 5.9`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "security-advisories@github.com",`
Auto-Update: 2024-12-15T03:00:19.262894+00:00 2024-12-15 03:03:56 +00:00			`"type": "Primary",`
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-352"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-11-06T15:00:48.258634+00:00 2024-11-06 15:03:50 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:combodo:itop::::::::",`
			`"versionEndExcluding": "3.1.2",`
			`"matchCriteriaId": "4B1E5E6E-1398-4908-9D8F-25C8C667F3D2"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`"references": [`
			`{`
			`"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-8cwx-q4xh-7c7r",`
Auto-Update: 2024-11-06T15:00:48.258634+00:00 2024-11-06 15:03:50 +00:00			`"source": "security-advisories@github.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2024-11-05T00:55:30.652347+00:00 2024-11-05 00:58:31 +00:00			`}`
			`]`
			`}`