Jm-Syn

**Name of the Vulnerable Software and Affected Versions** iTop versions prior to 3.0.4 iTop versions prior to 3.1.1 **Description** The issue is related to the dashboard editor of the iTop IT service management platform, which can load multiple files and URLs, and is vulnerable to full path disclosure on the dashboard config file. This can allow a remote attacker to disclose protected information due to incorrect restriction of access to a directory with limited access. **Recommendations** For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the dashboard editor to minimize the risk of exploitation.