Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-24780: N°4384 Security hardening · Combodo/iTop@b6fac4b

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.

CVE
#web#js

@@ -108,10 +108,10 @@ public function __construct(RequestManipulatorHelper $oRequestManipulator, Conte
/** * @param \Symfony\Component\HttpFoundation\Request $oRequest * @param string $sMode * @param string $sObjectClass * @param string $sObjectId * @param string $aFormProperties * @param string $sMode * @param string $sObjectClass * @param string $sObjectId * @param array $aFormProperties * * @return array * @@ -127,9 +127,10 @@ public function HandleForm(Request $oRequest, $sMode, $sObjectClass, $sObjectId $bModal = ($oRequest->isXmlHttpRequest() && empty($sOperation));
// - Retrieve form properties $aOriginalFormProperties = ApplicationHelper::GetLoadedFormFromClass($this->aCombodoPortalInstanceConf[‘forms’], $sObjectClass, $sMode); if ($aFormProperties === null) { $aFormProperties = ApplicationHelper::GetLoadedFormFromClass($this->aCombodoPortalInstanceConf[‘forms’], $sObjectClass, $sMode); $aFormProperties = $aOriginalFormProperties; }
// - Create and @@ -281,27 +282,24 @@ public function HandleForm(Request $oRequest, $sMode, $sObjectClass, $sObjectId
$oFormManager->Build(); $aFormData[‘hidden_fields’] = $oFormManager->GetHiddenFieldsId(); // Check the number of editable fields // Check the number of editable fields $aFormData[‘editable_fields_count’] = $oFormManager->GetForm()->GetEditableFieldCount(); } else { } else { // Update / Submit / Cancel /** @var \Combodo\iTop\Portal\Form\ObjectFormManager $sFormManagerClass */ $sFormManagerClass = $this->oRequestManipulator->ReadParam('formmanager_class’, '’, FILTER_UNSAFE_RAW); $sFormManagerData = $this->oRequestManipulator->ReadParam(‘formmanager_data’, ‘’, FILTER_UNSAFE_RAW); if (empty($sFormManagerClass) || empty($sFormManagerData)) { if (empty($sFormManagerClass) || empty($sFormManagerData)) { IssueLog::Error(__METHOD__.’ at line ‘.__LINE__.’ : Parameters formmanager_class and formamanager_data must be defined.’); throw new HttpException(Response::HTTP_INTERNAL_SERVER_ERROR, ‘Parameters formmanager_class and formmanager_data must be defined.’); }
/** @var \Combodo\iTop\Portal\Form\ObjectFormManager $oFormManager */ $oFormManager = $sFormManagerClass::FromJSON($sFormManagerData); $bTrustContent = $sFormManagerClass::CanTrustFormLayoutContent($sFormManagerData, $aOriginalFormProperties); $oFormManager = $sFormManagerClass::FromJSON($sFormManagerData, $bTrustContent); $oFormManager->SetContainer($this->oContainer);
// Applying action rules if present if (($oFormManager->GetActionRulesToken() !== null) && ($oFormManager->GetActionRulesToken() !== ‘’)) { if (($oFormManager->GetActionRulesToken() !== null) && ($oFormManager->GetActionRulesToken() !== ‘’)) { $aActionRules = ContextManipulatorHelper::DecodeRulesToken($oFormManager->GetActionRulesToken()); $oObj = $oFormManager->GetObject(); $this->oContextManipulator->PrepareObject($aActionRules, $oObj);

Related news

CVE-2022-24497: Windows Network File System Remote Code Execution Vulnerability

**I am running a supported version of Windows Server. Is my system vulnerable to this issue?** This vulnerability is only exploitable for systems that have the NFS role enabled. See NFS Overview for more information on this feature. More information on installing or uninstalling Roles or Role Services is available here.

CVE-2022-24482: Windows ALPC Elevation of Privilege Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907