Filtered by vendor Teampass
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11671 | 1 Teampass | 1 Teampass | 2021-07-21 | 5.8 MEDIUM | 8.1 HIGH |
| Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default. | |||||
| CVE-2020-12478 | 1 Teampass | 1 Teampass | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. | |||||
| CVE-2020-12477 | 1 Teampass | 1 Teampass | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | |||||
| CVE-2015-7563 | 1 Teampass | 1 Teampass | 2020-06-16 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. | |||||
| CVE-2020-12479 | 1 Teampass | 1 Teampass | 2020-05-01 | 6.5 MEDIUM | 8.8 HIGH |
| TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | |||||
| CVE-2017-15055 | 1 Teampass | 1 Teampass | 2019-10-03 | 6.5 MEDIUM | 8.1 HIGH |
| TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php. | |||||
| CVE-2017-15054 | 1 Teampass | 1 Teampass | 2017-12-07 | 6.5 MEDIUM | 7.5 HIGH |
| An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server. | |||||