CVE-2020-15218: Admin pages are cached and can be embedded
First published: Wed Jan 13 2021(Updated: )
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back button. This is fixed in versions 2.7.2 and 3.0.0.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iTop | <2.7.2 | |
| iTop | =3.0.0-alpha |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-15218?
CVE-2020-15218 has a medium severity rating due to the exposure of sensitive admin page contents after a user logs out.
How do I fix CVE-2020-15218?
To fix CVE-2020-15218, upgrade iTop to version 2.7.2 or later, or 3.0.0 if using the alpha version.
Which versions of iTop are affected by CVE-2020-15218?
CVE-2020-15218 affects iTop versions prior to 2.7.2 and 3.0.0-alpha.
What type of vulnerability is CVE-2020-15218?
CVE-2020-15218 is a caching vulnerability that exposes cached admin page content.
Can I mitigate the risks of CVE-2020-15218 without upgrading?
Mitigation options are limited without upgrading, but ensure users clear their browser cache after logging out.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/combodo
- canonical/itop
- version/itop/3.0.0-alpha