CVE-2020-15220: Session fixation
First published: Wed Jan 13 2021(Updated: )
Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Combodo iTop | <2.7.2 | |
| Combodo iTop | =3.0.0-alpha |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-15220?
CVE-2020-15220 is a vulnerability in Combodo iTop versions 2.7.2 and 3.0.0 where two cookies are created for the same session, which can lead to the theft of user sessions.
What is the severity of CVE-2020-15220?
The severity of CVE-2020-15220 is medium with a CVSS score of 6.1.
How does CVE-2020-15220 affect Combodo iTop?
CVE-2020-15220 affects Combodo iTop versions 2.7.2 and 3.0.0 by creating two cookies for the same session, which can be exploited to steal user sessions.
How can I fix CVE-2020-15220?
To fix CVE-2020-15220, upgrade to iTop versions 2.7.2 or 3.0.0, which have addressed this vulnerability.
Where can I find more information about CVE-2020-15220?
More information about CVE-2020-15220 can be found in the Combodo iTop security advisory available at the following link: [https://github.com/Combodo/iTop/security/advisories/GHSA-qw4q-cmcv-7vv2](https://github.com/Combodo/iTop/security/advisories/GHSA-qw4q-cmcv-7vv2).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/combodo
- canonical/combodo itop
- version/combodo itop/3.0.0-alpha