CVE-2024-52601
📋 TL;DR
This vulnerability in iTop allows authenticated users with portal access to view objects they shouldn't have permission to access by querying an unprotected route. It affects all iTop installations with versions prior to 2.7.12, 3.1.3, and 3.2.1. The issue is an authorization bypass that exposes sensitive data.
💻 Affected Systems
- iTop
📦 What is this software?
iTop by Combodo
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access all sensitive IT service management data including user information, configuration details, and potentially credentials stored in the system.
Likely Case
Unauthorized users accessing confidential IT service tickets, user data, and system configuration information they shouldn't see.
If Mitigated
Limited exposure if proper network segmentation and access controls are in place, but still potential for data leakage.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.12, 3.1.3, or 3.2.1
Vendor Advisory: https://github.com/Combodo/iTop/security/advisories/GHSA-cph2-466c-3f87
Restart Required: Yes
Instructions:
1. Back up your iTop installation and database.
2. Download the patched version (2.7.12, 3.1.3, or 3.2.1) from the official iTop repository.
3. Follow the iTop upgrade documentation for your version.
4. Restart the web server service.
🔧 Temporary Workarounds
Restrict Portal Access
Temporarily disable or restrict portal access to only essential users until patching can be completed.
Modify iTop configuration to limit portal user accounts
Network Segmentation
Implement network controls to restrict access to the iTop portal from untrusted networks.
Configure firewall rules to limit iTop portal access to trusted IP ranges
🧯 If You Can't Patch
- Implement strict access controls and monitor all portal user activity
- Consider temporarily disabling the portal feature if not essential
🔍 How to Verify
Check if Vulnerable:
Check your iTop version in the administration panel or by examining the setup/version.php file. If the version is below 2.7.12, 3.1.3, or 3.2.1, you are vulnerable.
Check Version:
Check the setup/version.php file, or log in to the iTop admin panel and view the version information.
Verify Fix Applied:
After upgrading, verify the version shows 2.7.12, 3.1.3, or 3.2.1 in the administration panel. Test portal access controls to ensure unauthorized data access is prevented.
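The version check above can be scripted so it is applied consistently across many installations. The following is an added example, not code from the advisory or from iTop itself; it assumes setup/version.php declares the version with a PHP define('ITOP_VERSION', '...') statement (adjust VERSION_RE if your copy differs) and compares the installed version against the fixed release of its own branch, treating releases on branches without a backported fix (for example 3.0.x) as vulnerable until 3.2.1 or later.

```python
"""Added example (not from the advisory): check an iTop installation's version
against the fixed releases for CVE-2024-52601 (2.7.12, 3.1.3 and 3.2.1).
Assumption: setup/version.php contains define('ITOP_VERSION', '<version>')."""
import re
import sys
from pathlib import Path

# Fixed release per maintained branch, taken from the advisory.
FIXED_BY_BRANCH = {(2, 7): (2, 7, 12), (3, 1): (3, 1, 3), (3, 2): (3, 2, 1)}

# Assumed layout of the define in setup/version.php.
VERSION_RE = re.compile(
    r"""define\(\s*['"]ITOP_VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)"""
)


def parse_version(text):
    """Turn '3.1.2' or '3.2.0-beta' into a comparable (major, minor, patch) tuple.
    Pre-release suffixes are ignored, so '3.2.1-rc1' compares as 3.2.1."""
    core = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not core:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = core.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable(version):
    """True when the version predates the fix.
    On a branch with a backported fix, compare against that fix; on any other
    branch (older releases, 3.0.x) only releases from 3.2.1 onward carry it."""
    ver = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(ver[:2])
    if fixed is not None:
        return ver < fixed
    return ver < max(FIXED_BY_BRANCH.values())


def version_from_text(php_source):
    """Extract the ITOP_VERSION value from the contents of setup/version.php."""
    match = VERSION_RE.search(php_source)
    if not match:
        raise ValueError("no ITOP_VERSION define found")
    return match.group(1)


def check_install(itop_root):
    """Return (version, vulnerable) for the iTop tree rooted at itop_root."""
    source = (Path(itop_root) / "setup" / "version.php").read_text(
        encoding="utf-8", errors="replace"
    )
    version = version_from_text(source)
    return version, is_vulnerable(version)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found, vulnerable = check_install(root)
    verdict = "VULNERABLE, upgrade" if vulnerable else "fixed release"
    print(f"iTop {found}: {verdict}")
```

Run it with the iTop web root as the only argument; an exit without an exception and a "fixed release" verdict is the expected result after the upgrade. The branch-aware comparison matters because a plain "is it below 3.2.1" test would wrongly flag a patched 2.7.12 or 3.1.3 install.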
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to portal routes
- Multiple failed authorization attempts followed by successful data access
Network Indicators:
- Unusual HTTP requests to portal endpoints from authenticated users
SIEM Query:
source="iTop_logs" AND (event="unauthorized_access" OR (event="portal_access" AND user_role="portal_user"))
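The "failed authorization attempts followed by successful data access" indicator listed above can be checked directly against web-server access logs when no SIEM is available. The following is an added example, not part of the advisory or of iTop: it parses Apache/nginx combined-format lines (the authenticated user is the third field), keeps only portal requests, and reports any user who accumulates several 403 responses within a sliding window and then receives a 200 on a portal route. The log lines, the /portal/ route prefix and the thresholds are constructed for the example; substitute the path prefix your iTop portal actually logs and tune the thresholds to your traffic.

```python
"""Added example (not from the advisory): flag portal users whose requests
are repeatedly denied and then succeed, from combined-format access logs.
PORTAL_PREFIX, the thresholds and SAMPLE_LOG are constructed assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
PORTAL_PREFIX = "/portal/"      # assumption: replace with the prefix your portal logs
DENIED_BEFORE_SUCCESS = 3       # 403s within WINDOW before a 200 raises a finding
WINDOW = timedelta(minutes=10)

# Constructed sample: alice browses normally, bob is denied three times then
# succeeds, carol has a single denial long before an unrelated success.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Nov/2024:10:00:01 +0000] "GET /portal/object/UserRequest/101 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - bob [12/Nov/2024:10:01:00 +0000] "GET /portal/object/UserRequest/200 HTTP/1.1" 403 512 "-" "Mozilla/5.0"
10.0.0.7 - bob [12/Nov/2024:10:01:02 +0000] "GET /portal/object/UserRequest/201 HTTP/1.1" 403 512 "-" "Mozilla/5.0"
10.0.0.7 - bob [12/Nov/2024:10:01:04 +0000] "GET /portal/object/UserRequest/202 HTTP/1.1" 403 512 "-" "Mozilla/5.0"
10.0.0.7 - bob [12/Nov/2024:10:01:06 +0000] "GET /portal/object/Person/7 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
10.0.0.5 - alice [12/Nov/2024:10:05:00 +0000] "GET /pages/UI.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.9 - carol [12/Nov/2024:10:06:00 +0000] "GET /portal/object/UserRequest/300 HTTP/1.1" 403 512 "-" "Mozilla/5.0"
10.0.0.9 - carol [12/Nov/2024:10:30:00 +0000] "GET /portal/object/UserRequest/301 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields the detector needs, or None for lines that do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"user": m.group("user"), "ts": ts,
            "path": m.group("path"), "status": int(m.group("status"))}


def find_denied_then_allowed(lines):
    """One finding per burst: a user with >= DENIED_BEFORE_SUCCESS portal 403s
    inside WINDOW followed by a 200 on a portal route."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["user"] != "-" and rec["path"].startswith(PORTAL_PREFIX):
            events[rec["user"]].append(rec)

    findings = []
    for user, recs in events.items():
        recs.sort(key=lambda r: r["ts"])
        recent_denials = []  # timestamps of 403s still inside the sliding window
        for rec in recs:
            recent_denials = [t for t in recent_denials if rec["ts"] - t <= WINDOW]
            if rec["status"] == 403:
                recent_denials.append(rec["ts"])
            elif rec["status"] == 200 and len(recent_denials) >= DENIED_BEFORE_SUCCESS:
                findings.append({"user": user, "denied": len(recent_denials),
                                 "success_path": rec["path"],
                                 "at": rec["ts"].isoformat()})
                recent_denials = []  # report each burst once
    return findings


if __name__ == "__main__":
    for finding in find_denied_then_allowed(SAMPLE_LOG.splitlines()):
        print(f"{finding['user']}: {finding['denied']} denials, then 200 on "
              f"{finding['success_path']} at {finding['at']}")
```

On the constructed sample only bob is reported. The check is deliberately per-user rather than per-IP because the advisory's precondition is an authenticated portal account, so the account, not the address, is the unit worth reviewing; a real deployment would also want the 403 threshold compared against the baseline denial rate of legitimate portal users.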