CVE-2023-48710

Name of the Vulnerable Software and Affected Versions iTop versions prior to 2.7.10 iTop versions prior to 3.0.4 iTop versions prior to 3.1.1 iTop versions prior to 3.2.0

Description iTop is an IT service management platform. Files from the env-production folder can be retrieved even though they should have restricted access. Hopefully, there is no sensitive files stored in that folder natively, but there could be from a third-party module. The pages/exec.php script has been fixed to limit execution of PHP files only. Other file types won't be retrieved and exposed.

Recommendations For versions prior to 2.7.10, update to version 2.7.10 or later. For versions prior to 3.0.4, update to version 3.0.4 or later. For versions prior to 3.1.1, update to version 3.1.1 or later. For versions prior to 3.2.0, update to version 3.2.0 or later. As a temporary workaround, consider restricting access to the env-production folder to minimize the risk of exploitation.