Vulnerability CVE-2020-7988: Information
Description
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
phpipam | sisyphus | 1.45.031-alt1 | 1.6.0-alt1 | ALT-PU-2022-1133-1 | 294093 | Fixed |
phpipam | sisyphus_e2k | 1.45.031-alt1 | 1.6.0-alt1 | ALT-PU-2022-3817-1 | - | Fixed |
phpipam | p10 | 1.45.031-alt1 | 1.5.2-alt1 | ALT-PU-2022-1163-1 | 294094 | Fixed |
phpipam | p10_e2k | 1.45.031-alt1 | 1.5.2-alt1 | ALT-PU-2022-3887-1 | - | Fixed |
phpipam | p9 | 1.45.031-alt1 | 1.45.031-alt1 | ALT-PU-2022-1188-1 | 294095 | Fixed |
phpipam | p9_e2k | 1.45.031-alt1 | 1.45.031-alt1 | ALT-PU-2022-4727-1 | - | Fixed |
phpipam | c10f1 | 1.45.031-alt1 | 1.46.031-alt1 | ALT-PU-2022-1163-1 | 294094 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://pastebin.com/ZPECbgZb | |
https://phpipam.net/news/phpipam-v1-5-released/ | |