Vulnerability CVE-2023-43790: Information

Description

iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.

Severity: MEDIUM (5.4)

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-43790

Published: April 15, 2024

Modified: Feb. 6, 2025

Error type identifier: CWE-79

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
itop	sisyphus	3.2.0.2-alt1	3.2.2-alt2	ALT-PU-2025-1468-2	369847	Fixed
itop	sisyphus_e2k	3.1.1.1-alt1	3.1.1.1-alt1	ALT-PU-2024-1071-1	-	Fixed
itop	sisyphus_riscv64	3.2.0.2-alt1	3.2.2-alt2	ALT-PU-2025-1528-1	-	Fixed
itop	sisyphus_loongarch64	3.1.1.1-alt1	3.2.2-alt2	ALT-PU-2024-1042-1	-	Fixed
itop	p10	3.1.1.1-alt1	3.1.1.1-alt1	ALT-PU-2024-4537-3	343613	Fixed
itop	p10_e2k	3.1.1.1-alt1	3.1.1.1-alt1	ALT-PU-2024-4805-1	-	Fixed
itop	c10f2	3.1.1.1-alt1	3.2.2-alt1	ALT-PU-2024-4549-3	343622	Fixed
itop	c9f2	3.1.1.1-alt1	3.2.0.2-alt0.c9f2.1	ALT-PU-2024-4547-3	343621	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://github.com/Combodo/iTop/commit/03c9ffc0334fd44f3f0e82477264087064e1c732	Patch
https://github.com/Combodo/iTop/security/advisories/GHSA-96xm-p83r-hm97	Vendor Advisory

Affected configurations:
1. cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
  Start including
  3.1.0
  End excluding
  3.1.1

Version: v26.2.2