Vulnerabilites related to teampass - teampass
cve-2023-3191
Vulnerability from cvelistv5
Published
2023-06-10 00:00
Modified
2025-01-06 17:05
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/19fed157-128d-4bfb-a30e-eadf748cbd1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T17:05:23.797659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:05:33.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-10T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/19fed157-128d-4bfb-a30e-eadf748cbd1a"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705"
}
],
"source": {
"advisory": "19fed157-128d-4bfb-a30e-eadf748cbd1a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3191",
"datePublished": "2023-06-10T00:00:00",
"dateReserved": "2023-06-10T00:00:00",
"dateUpdated": "2025-01-06T17:05:33.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11671
Vulnerability from cvelistv5
Published
2020-05-04 13:27
Modified
2024-08-04 11:35
Severity ?
EPSS score ?
Summary
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2765 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2765"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-04T13:27:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2765"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2765",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2765"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11671",
"datePublished": "2020-05-04T13:27:36",
"dateReserved": "2020-04-10T00:00:00",
"dateUpdated": "2024-08-04T11:35:13.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-50701
Vulnerability from cvelistv5
Published
2024-12-30 00:00
Modified
2024-12-30 16:58
Severity ?
EPSS score ?
Summary
TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T16:58:12.643311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:58:19.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TeamPass",
"vendor": "TeamPass",
"versions": [
{
"lessThan": "3.1.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user\u0027s allowed folders list that has been defined by an admin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T15:13:42.848Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1"
},
{
"url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1"
},
{
"url": "https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50701",
"datePublished": "2024-12-30T00:00:00",
"dateReserved": "2024-10-28T00:00:00",
"dateUpdated": "2024-12-30T16:58:19.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2234
Vulnerability from cvelistv5
Published
2012-04-22 01:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/81197 | vdb-entry, x_refsource_OSVDB | |
| http://packetstormsecurity.org/files/111905/ | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74910 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/53038 | vdb-entry, x_refsource_BID | |
| https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "81197",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/81197"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/111905/"
},
{
"name": "teampass-usersqueries-xss(74910)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74910"
},
{
"name": "53038",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53038"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-12T17:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "81197",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/81197"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/111905/"
},
{
"name": "teampass-usersqueries-xss(74910)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74910"
},
{
"name": "53038",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53038"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81197",
"refsource": "OSVDB",
"url": "http://osvdb.org/81197"
},
{
"name": "http://packetstormsecurity.org/files/111905/",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111905/"
},
{
"name": "teampass-usersqueries-xss(74910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74910"
},
{
"name": "53038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53038"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2234",
"datePublished": "2012-04-22T01:00:00",
"dateReserved": "2012-04-13T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3773
Vulnerability from cvelistv5
Published
2014-08-07 10:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/05/18/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de | x_refsource_CONFIRM | |
| https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f | x_refsource_CONFIRM | |
| http://teampass.net/installation/2.1.20-released.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/05/19/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:16.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-07T07:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"name": "http://teampass.net/installation/2.1.20-released.html",
"refsource": "CONFIRM",
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3773",
"datePublished": "2014-08-07T10:00:00",
"dateReserved": "2014-05-19T00:00:00",
"dateUpdated": "2024-08-06T10:57:16.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7562
Vulnerability from cvelistv5
Published
2017-04-12 22:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/39559/ | exploit, x_refsource_EXPLOIT-DB | |
| https://github.com/nilsteampassnet/TeamPass/pull/1140 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39559",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-13T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "39559",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39559",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/pull/1140",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7562",
"datePublished": "2017-04-12T22:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12950
Vulnerability from cvelistv5
Published
2019-08-06 16:16
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/releases | x_refsource_MISC | |
| https://github.com/nilsteampassnet/TeamPass/issues/2638 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2638"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php \"Import items\" feature, it is possible to load a crafted CSV file with an XSS payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T16:16:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2638"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php \"Import items\" feature, it is possible to load a crafted CSV file with an XSS payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/releases",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/releases"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2638",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2638"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12950",
"datePublished": "2019-08-06T16:16:40",
"dateReserved": "2019-06-24T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-17204
Vulnerability from cvelistv5
Published
2019-10-05 21:44
Modified
2024-08-05 01:33
Severity ?
EPSS score ?
Summary
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2689 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2689"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-05T21:44:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2689"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2689",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2689"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17204",
"datePublished": "2019-10-05T21:44:58",
"dateReserved": "2019-10-05T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15052
Vulnerability from cvelistv5
Published
2017-11-27 19:00
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_user" on users.queries.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.amossys.fr/teampass-multiple-cve-01.html | x_refsource_MISC | |
| https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_user\" on users.queries.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_user\" on users.queries.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.amossys.fr/teampass-multiple-cve-01.html",
"refsource": "MISC",
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15052",
"datePublished": "2017-11-27T19:00:00",
"dateReserved": "2017-10-06T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15053
Vulnerability from cvelistv5
Published
2017-11-27 19:00
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.amossys.fr/teampass-multiple-cve-01.html | x_refsource_MISC | |
| https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_role\" on roles.queries.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_role\" on roles.queries.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.amossys.fr/teampass-multiple-cve-01.html",
"refsource": "MISC",
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15053",
"datePublished": "2017-11-27T19:00:00",
"dateReserved": "2017-10-06T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15055
Vulnerability from cvelistv5
Published
2017-11-27 19:00
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.amossys.fr/teampass-multiple-cve-01.html | x_refsource_MISC | |
| https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the \"item_id\" parameter when invoking \"copy_item\" on items.queries.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the \"item_id\" parameter when invoking \"copy_item\" on items.queries.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.amossys.fr/teampass-multiple-cve-01.html",
"refsource": "MISC",
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15055",
"datePublished": "2017-11-27T19:00:00",
"dateReserved": "2017-10-06T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9436
Vulnerability from cvelistv5
Published
2017-06-05 14:00
Modified
2024-09-16 16:58
Severity ?
EPSS score ?
Summary
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:00.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-05T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9436",
"datePublished": "2017-06-05T14:00:00Z",
"dateReserved": "2017-06-05T00:00:00Z",
"dateUpdated": "2024-09-16T16:58:54.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12479
Vulnerability from cvelistv5
Published
2020-04-29 21:49
Modified
2024-08-04 11:56
Severity ?
EPSS score ?
Summary
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2762 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T21:49:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2762"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2762",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2762"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12479",
"datePublished": "2020-04-29T21:49:16",
"dateReserved": "2020-04-29T00:00:00",
"dateUpdated": "2024-08-04T11:56:52.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3552
Vulnerability from cvelistv5
Published
2023-07-08 08:19
Modified
2024-10-30 14:47
Severity ?
EPSS score ?
Summary
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/aeb2f43f-0602-4ac6-9685-273e87ff4ded"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/8acb4dacc2d008a4186a4e13cc143e978f113955"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teampass",
"vendor": "teampass",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3552",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T14:45:38.326143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T14:47:23.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-08T08:19:04.324Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/aeb2f43f-0602-4ac6-9685-273e87ff4ded"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/8acb4dacc2d008a4186a4e13cc143e978f113955"
}
],
"source": {
"advisory": "aeb2f43f-0602-4ac6-9685-273e87ff4ded",
"discovery": "EXTERNAL"
},
"title": "Improper Encoding or Escaping of Output in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3552",
"datePublished": "2023-07-08T08:19:04.324Z",
"dateReserved": "2023-07-08T08:18:52.463Z",
"dateUpdated": "2024-10-30T14:47:23.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3772
Vulnerability from cvelistv5
Published
2014-08-07 10:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/05/18/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f | x_refsource_CONFIRM | |
| http://teampass.net/installation/2.1.20-released.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/05/19/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:16.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-07T07:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"name": "http://teampass.net/installation/2.1.20-released.html",
"refsource": "CONFIRM",
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3772",
"datePublished": "2014-08-07T10:00:00",
"dateReserved": "2014-05-19T00:00:00",
"dateUpdated": "2024-08-06T10:57:16.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3551
Vulnerability from cvelistv5
Published
2023-07-08 08:05
Modified
2024-10-30 14:49
Severity ?
EPSS score ?
Summary
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/cf8878ff-6cd9-49be-b313-7ac2a94fc7f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/cc6abc76aa46ed4a27736c1d2f21e432a5d54e6f"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teampass",
"vendor": "teampass",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3551",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T14:45:50.635983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T14:49:35.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-08T08:05:24.407Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/cf8878ff-6cd9-49be-b313-7ac2a94fc7f7"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/cc6abc76aa46ed4a27736c1d2f21e432a5d54e6f"
}
],
"source": {
"advisory": "cf8878ff-6cd9-49be-b313-7ac2a94fc7f7",
"discovery": "EXTERNAL"
},
"title": "Code Injection in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3551",
"datePublished": "2023-07-08T08:05:24.407Z",
"dateReserved": "2023-07-08T08:05:13.069Z",
"dateUpdated": "2024-10-30T14:49:35.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1070
Vulnerability from cvelistv5
Published
2023-02-27 00:00
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.0.22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/318bfdc4-7782-4979-956f-9ba2cc44889c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/0af3574caba27a61b16dc25c94fa51ae12d2d967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.0.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-27T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/318bfdc4-7782-4979-956f-9ba2cc44889c"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/0af3574caba27a61b16dc25c94fa51ae12d2d967"
}
],
"source": {
"advisory": "318bfdc4-7782-4979-956f-9ba2cc44889c",
"discovery": "EXTERNAL"
},
"title": "External Control of File Name or Path in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1070",
"datePublished": "2023-02-27T00:00:00",
"dateReserved": "2023-02-27T00:00:00",
"dateUpdated": "2024-08-02T05:32:46.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-50702
Vulnerability from cvelistv5
Published
2024-12-30 00:00
Modified
2024-12-30 16:53
Severity ?
EPSS score ?
Summary
TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T16:53:10.677214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:53:18.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TeamPass",
"vendor": "TeamPass",
"versions": [
{
"lessThan": "3.1.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T15:12:00.719Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1"
},
{
"url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1"
},
{
"url": "https://github.com/nilsteampassnet/TeamPass/commit/35e2b479f2379545b4132bc30a9d052ba7018bf9"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50702",
"datePublished": "2024-12-30T00:00:00",
"dateReserved": "2024-10-28T00:00:00",
"dateUpdated": "2024-12-30T16:53:18.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-50703
Vulnerability from cvelistv5
Published
2024-12-30 00:00
Modified
2024-12-30 16:41
Severity ?
EPSS score ?
Summary
TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T16:41:26.035685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:41:33.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TeamPass",
"vendor": "TeamPass",
"versions": [
{
"lessThan": "3.1.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T15:09:01.107Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1"
},
{
"url": "https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1"
},
{
"url": "https://github.com/nilsteampassnet/TeamPass/commit/c7f7f809071eaa9e04505ee79cec7049a42959e9"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50703",
"datePublished": "2024-12-30T00:00:00",
"dateReserved": "2024-10-28T00:00:00",
"dateUpdated": "2024-12-30T16:41:33.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15278
Vulnerability from cvelistv5
Published
2017-10-12 08:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9 | x_refsource_CONFIRM | |
| https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b | x_refsource_CONFIRM | |
| https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15278",
"datePublished": "2017-10-12T08:00:00",
"dateReserved": "2017-10-11T00:00:00",
"dateUpdated": "2024-08-05T19:50:16.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3553
Vulnerability from cvelistv5
Published
2023-07-08 08:33
Modified
2024-10-30 14:46
Severity ?
EPSS score ?
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/857f002a-2794-4807-aa5d-2f340de01870"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/e9f90b746fdde135da3c7fbe4fa22fe2bd32e66b"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teampass",
"vendor": "teampass",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3553",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T14:42:24.665411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T14:46:29.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-08T08:33:44.816Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/857f002a-2794-4807-aa5d-2f340de01870"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/e9f90b746fdde135da3c7fbe4fa22fe2bd32e66b"
}
],
"source": {
"advisory": "857f002a-2794-4807-aa5d-2f340de01870",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3553",
"datePublished": "2023-07-08T08:33:44.816Z",
"dateReserved": "2023-07-08T08:33:31.066Z",
"dateUpdated": "2024-10-30T14:46:29.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1545
Vulnerability from cvelistv5
Published
2023-03-21 00:00
Modified
2025-02-26 18:32
Severity ?
EPSS score ?
Summary
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.0.23 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/942c015f-7486-49b1-94ae-b1538d812bc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/4780252fdb600ef2ec2758f17a37d738570cbe66"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1545",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T18:32:17.100741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:32:30.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.0.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/942c015f-7486-49b1-94ae-b1538d812bc2"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/4780252fdb600ef2ec2758f17a37d738570cbe66"
}
],
"source": {
"advisory": "942c015f-7486-49b1-94ae-b1538d812bc2",
"discovery": "EXTERNAL"
},
"title": " SQL Injection in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1545",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-26T18:32:30.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-16904
Vulnerability from cvelistv5
Published
2019-09-26 11:06
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2685 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2685"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-27T12:18:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2685"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2685",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2685"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16904",
"datePublished": "2019-09-26T11:06:33",
"dateReserved": "2019-09-26T00:00:00",
"dateUpdated": "2024-08-05T01:24:48.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1000001
Vulnerability from cvelistv5
Published
2019-02-04 21:00
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2495 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2495"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2019-01-22T00:00:00",
"datePublic": "2018-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-04T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2495"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2019-01-22T21:21:10.011679",
"DATE_REQUESTED": "2019-01-03T07:58:53",
"ID": "CVE-2019-1000001",
"REQUESTER": "fx.du.moutier@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2495",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2495"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-1000001",
"datePublished": "2019-02-04T21:00:00",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-05T03:00:19.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3774
Vulnerability from cvelistv5
Published
2014-08-07 10:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/05/18/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de | x_refsource_CONFIRM | |
| https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f | x_refsource_CONFIRM | |
| http://teampass.net/installation/2.1.20-released.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/05/19/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:16.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-07T07:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
},
{
"name": "http://teampass.net/installation/2.1.20-released.html",
"refsource": "CONFIRM",
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3774",
"datePublished": "2014-08-07T10:00:00",
"dateReserved": "2014-05-19T00:00:00",
"dateUpdated": "2024-08-06T10:57:16.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3190
Vulnerability from cvelistv5
Published
2023-06-10 00:00
Modified
2025-01-06 17:11
Severity ?
EPSS score ?
Summary
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/5562c4c4-0475-448f-a451-7c4666bc7180"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3190",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T17:10:44.884646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:11:04.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-10T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705"
},
{
"url": "https://huntr.dev/bounties/5562c4c4-0475-448f-a451-7c4666bc7180"
}
],
"source": {
"advisory": "5562c4c4-0475-448f-a451-7c4666bc7180",
"discovery": "EXTERNAL"
},
"title": "Improper Encoding or Escaping of Output in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3190",
"datePublished": "2023-06-10T00:00:00",
"dateReserved": "2023-06-10T00:00:00",
"dateUpdated": "2025-01-06T17:11:04.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3095
Vulnerability from cvelistv5
Published
2023-06-04 00:00
Modified
2025-01-08 19:54
Severity ?
EPSS score ?
Summary
Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/35c899a9-40a0-4e17-bfb5-2a1430bc83c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/774985f62f080715774604927fba2cb6ef701612"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3095",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T19:53:38.560136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T19:54:09.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-04T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/35c899a9-40a0-4e17-bfb5-2a1430bc83c4"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/774985f62f080715774604927fba2cb6ef701612"
}
],
"source": {
"advisory": "35c899a9-40a0-4e17-bfb5-2a1430bc83c4",
"discovery": "EXTERNAL"
},
"title": "Improper Access Control in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3095",
"datePublished": "2023-06-04T00:00:00",
"dateReserved": "2023-06-04T00:00:00",
"dateUpdated": "2025-01-08T19:54:09.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2021
Vulnerability from cvelistv5
Published
2023-04-13 00:00
Modified
2025-02-06 21:31
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:19.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e31082d-7aeb-46ff-84d6-9561758e3bf0"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/77c541a0151841d1f4ceb0a84ca391e1b526d58d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T21:31:16.100802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T21:31:37.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-13T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2e31082d-7aeb-46ff-84d6-9561758e3bf0"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/77c541a0151841d1f4ceb0a84ca391e1b526d58d"
}
],
"source": {
"advisory": "2e31082d-7aeb-46ff-84d6-9561758e3bf0",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2021",
"datePublished": "2023-04-13T00:00:00.000Z",
"dateReserved": "2023-04-13T00:00:00.000Z",
"dateUpdated": "2025-02-06T21:31:37.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2859
Vulnerability from cvelistv5
Published
2023-05-24 00:00
Modified
2025-02-12 17:01
Severity ?
EPSS score ?
Summary
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d7b8ea75-c74a-4721-89bb-12e5c80fb0ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/1f51482a0c4d152ca876844212b0f8f3cb9387af"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2859",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T19:03:07.788605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T17:01:06.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d7b8ea75-c74a-4721-89bb-12e5c80fb0ba"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/1f51482a0c4d152ca876844212b0f8f3cb9387af"
}
],
"source": {
"advisory": "d7b8ea75-c74a-4721-89bb-12e5c80fb0ba",
"discovery": "EXTERNAL"
},
"title": " Code Injection in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2859",
"datePublished": "2023-05-24T00:00:00.000Z",
"dateReserved": "2023-05-24T00:00:00.000Z",
"dateUpdated": "2025-02-12T17:01:06.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3086
Vulnerability from cvelistv5
Published
2023-06-03 00:00
Modified
2025-01-08 19:57
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/17be9e8a-abe8-41db-987f-1d5b0686ae20"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/1c0825b67eb8f8b5ecc418ff7614423a275e6a79"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T19:55:30.985914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T19:57:14.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/17be9e8a-abe8-41db-987f-1d5b0686ae20"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/1c0825b67eb8f8b5ecc418ff7614423a275e6a79"
}
],
"source": {
"advisory": "17be9e8a-abe8-41db-987f-1d5b0686ae20",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3086",
"datePublished": "2023-06-03T00:00:00",
"dateReserved": "2023-06-03T00:00:00",
"dateUpdated": "2025-01-08T19:57:14.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7563
Vulnerability from cvelistv5
Published
2017-04-12 22:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/39559/ | exploit, x_refsource_EXPLOIT-DB | |
| https://github.com/nilsteampassnet/TeamPass/pull/1140 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39559",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-12T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "39559",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39559",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/pull/1140",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7563",
"datePublished": "2017-04-12T22:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3083
Vulnerability from cvelistv5
Published
2023-06-03 00:00
Modified
2025-02-12 16:36
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c6b29e46-02e0-43ad-920f-28ac482ea2ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/79731553fa305d45dabb7a227f3074d56d7c94c1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T16:36:10.838973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:36:15.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-03T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c6b29e46-02e0-43ad-920f-28ac482ea2ab"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/79731553fa305d45dabb7a227f3074d56d7c94c1"
}
],
"source": {
"advisory": "c6b29e46-02e0-43ad-920f-28ac482ea2ab",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3083",
"datePublished": "2023-06-03T00:00:00.000Z",
"dateReserved": "2023-06-03T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:36:15.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3771
Vulnerability from cvelistv5
Published
2014-08-07 10:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2014/05/18/2 | mailing-list, x_refsource_MLIST | |
| https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f | x_refsource_CONFIRM | |
| http://teampass.net/installation/2.1.20-released.html | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2014/05/19/5 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) \"change_user_language\" request to sources/main.queries.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-07T07:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-3771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) \"change_user_language\" request to sources/main.queries.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass \u003c= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
},
{
"name": "http://teampass.net/installation/2.1.20-released.html",
"refsource": "CONFIRM",
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass \u003c= 2.1.19",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-3771",
"datePublished": "2014-08-07T10:00:00",
"dateReserved": "2014-05-19T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3531
Vulnerability from cvelistv5
Published
2023-07-06 19:18
Modified
2024-11-07 18:23
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c9f0b3ff-bbc4-4ea1-a59e-8594b48bb414"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/cb8ea5ccca61653895bb6881547e463baa50293d"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teampass",
"vendor": "teampass",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3531",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T18:23:06.192788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T18:23:52.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T19:18:45.317Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c9f0b3ff-bbc4-4ea1-a59e-8594b48bb414"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/cb8ea5ccca61653895bb6881547e463baa50293d"
}
],
"source": {
"advisory": "c9f0b3ff-bbc4-4ea1-a59e-8594b48bb414",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3531",
"datePublished": "2023-07-06T19:18:45.317Z",
"dateReserved": "2023-07-06T19:18:34.371Z",
"dateUpdated": "2024-11-07T18:23:52.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3565
Vulnerability from cvelistv5
Published
2023-07-08 13:24
Modified
2024-10-30 14:37
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:55.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/fcf46e1f-2ab6-4057-9d25-cf493ab09530"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/820bb49a362a566c9038e4a3048b26d654babb0e"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "teampass",
"vendor": "teampass",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3565",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T14:13:05.288902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T14:37:07.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-08T13:24:33.695Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/fcf46e1f-2ab6-4057-9d25-cf493ab09530"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/820bb49a362a566c9038e4a3048b26d654babb0e"
}
],
"source": {
"advisory": "fcf46e1f-2ab6-4057-9d25-cf493ab09530",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3565",
"datePublished": "2023-07-08T13:24:33.695Z",
"dateReserved": "2023-07-08T13:24:20.783Z",
"dateUpdated": "2024-10-30T14:37:07.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15051
Vulnerability from cvelistv5
Published
2017-11-27 19:00
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.amossys.fr/teampass-multiple-cve-01.html | x_refsource_MISC | |
| https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS\u0027ed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS\u0027ed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.amossys.fr/teampass-multiple-cve-01.html",
"refsource": "MISC",
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15051",
"datePublished": "2017-11-27T19:00:00",
"dateReserved": "2017-10-06T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7564
Vulnerability from cvelistv5
Published
2017-04-12 22:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/39559/ | exploit, x_refsource_EXPLOIT-DB | |
| https://github.com/nilsteampassnet/TeamPass/pull/1140 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39559",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-12T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "39559",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39559",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/pull/1140",
"refsource": "CONFIRM",
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7564",
"datePublished": "2017-04-12T22:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2516
Vulnerability from cvelistv5
Published
2023-05-05 00:00
Modified
2025-02-12 16:42
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/19470f0b-7094-4339-8d4a-4b5570b54716"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/39b774cba118ca5383b0a51a71b1e7dea2761927"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:14:46.306620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T16:42:44.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-05T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/19470f0b-7094-4339-8d4a-4b5570b54716"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/39b774cba118ca5383b0a51a71b1e7dea2761927"
}
],
"source": {
"advisory": "19470f0b-7094-4339-8d4a-4b5570b54716",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2516",
"datePublished": "2023-05-05T00:00:00.000Z",
"dateReserved": "2023-05-04T00:00:00.000Z",
"dateUpdated": "2025-02-12T16:42:44.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2591
Vulnerability from cvelistv5
Published
2023-05-09 00:00
Modified
2025-01-28 19:26
Severity ?
EPSS score ?
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/705f79f4-f5e3-41d7-82a5-f00441cd984b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/57a977c6323656e5dc06ab5c227e75c3465a1a4a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2591",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T19:25:52.499414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T19:26:03.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in GitHub repository nilsteampassnet/teampass prior to 3.0.7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-15T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/705f79f4-f5e3-41d7-82a5-f00441cd984b"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/57a977c6323656e5dc06ab5c227e75c3465a1a4a"
}
],
"source": {
"advisory": "705f79f4-f5e3-41d7-82a5-f00441cd984b",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2591",
"datePublished": "2023-05-09T00:00:00.000Z",
"dateReserved": "2023-05-09T00:00:00.000Z",
"dateUpdated": "2025-01-28T19:26:03.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3009
Vulnerability from cvelistv5
Published
2023-05-31 00:00
Modified
2025-01-10 14:52
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2929faca-5822-4636-8f04-ca5e0001361f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/6ba8cf1f4b89d62a08d122d533ccf4cb4e26a4ee"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-10T14:52:23.025809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T14:52:39.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-31T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2929faca-5822-4636-8f04-ca5e0001361f"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/6ba8cf1f4b89d62a08d122d533ccf4cb4e26a4ee"
}
],
"source": {
"advisory": "2929faca-5822-4636-8f04-ca5e0001361f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3009",
"datePublished": "2023-05-31T00:00:00",
"dateReserved": "2023-05-31T00:00:00",
"dateUpdated": "2025-01-10T14:52:39.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-17203
Vulnerability from cvelistv5
Published
2019-10-05 21:45
Modified
2024-08-05 01:33
Severity ?
EPSS score ?
Summary
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2690 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2690"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-05T21:45:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2690"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2690",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2690"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17203",
"datePublished": "2019-10-05T21:45:09",
"dateReserved": "2019-10-05T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-17205
Vulnerability from cvelistv5
Published
2019-10-05 21:44
Modified
2024-08-05 01:33
Severity ?
EPSS score ?
Summary
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2688 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-05T21:44:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2688",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17205",
"datePublished": "2019-10-05T21:44:26",
"dateReserved": "2019-10-05T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3084
Vulnerability from cvelistv5
Published
2023-06-03 00:00
Modified
2025-01-08 17:48
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4b86b56b-c51b-4be8-8ee4-6e385d1e9e8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/61b9b7d4e33bbaad2cd61a7ee988f9c22298bf1a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T17:48:46.383476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T17:48:56.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-03T00:00:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4b86b56b-c51b-4be8-8ee4-6e385d1e9e8a"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/61b9b7d4e33bbaad2cd61a7ee988f9c22298bf1a"
}
],
"source": {
"advisory": "4b86b56b-c51b-4be8-8ee4-6e385d1e9e8a",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3084",
"datePublished": "2023-06-03T00:00:00",
"dateReserved": "2023-06-03T00:00:00",
"dateUpdated": "2025-01-08T17:48:56.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26980
Vulnerability from cvelistv5
Published
2022-03-28 18:00
Modified
2024-08-03 05:18
Severity ?
EPSS score ?
Summary
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/commits/teampass_2 | x_refsource_MISC | |
| https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-28T18:00:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-26980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2"
},
{
"name": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca",
"refsource": "MISC",
"url": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26980",
"datePublished": "2022-03-28T18:00:20",
"dateReserved": "2022-03-13T00:00:00",
"dateUpdated": "2024-08-03T05:18:38.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1463
Vulnerability from cvelistv5
Published
2023-03-17 00:00
Modified
2025-02-26 15:00
Severity ?
EPSS score ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| nilsteampassnet | nilsteampassnet/teampass |
Version: unspecified < 3.0.0.23 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1463",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:59:42.911469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:00:21.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nilsteampassnet/teampass",
"vendor": "nilsteampassnet",
"versions": [
{
"lessThan": "3.0.0.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6"
},
{
"url": "https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516"
}
],
"source": {
"advisory": "f6683c3b-a0f2-4615-b639-1920c8ae12e6",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1463",
"datePublished": "2023-03-17T00:00:00.000Z",
"dateReserved": "2023-03-17T00:00:00.000Z",
"dateUpdated": "2025-02-26T15:00:21.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12478
Vulnerability from cvelistv5
Published
2020-04-29 21:49
Modified
2024-08-04 11:56
Severity ?
EPSS score ?
Summary
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2764 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T21:49:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2764",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12478",
"datePublished": "2020-04-29T21:49:25",
"dateReserved": "2020-04-29T00:00:00",
"dateUpdated": "2024-08-04T11:56:52.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-12477
Vulnerability from cvelistv5
Published
2020-04-29 21:49
Modified
2024-08-04 11:56
Severity ?
EPSS score ?
Summary
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/nilsteampassnet/TeamPass/issues/2761 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T21:49:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nilsteampassnet/TeamPass/issues/2761",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12477",
"datePublished": "2020-04-29T21:49:33",
"dateReserved": "2020-04-29T00:00:00",
"dateUpdated": "2024-08-04T11:56:52.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15054
Vulnerability from cvelistv5
Published
2017-11-27 19:00
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.amossys.fr/teampass-multiple-cve-01.html | x_refsource_MISC | |
| https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.amossys.fr/teampass-multiple-cve-01.html",
"refsource": "MISC",
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15054",
"datePublished": "2017-11-27T19:00:00",
"dateReserved": "2017-10-06T00:00:00",
"dateUpdated": "2024-08-05T19:42:22.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201704-0016
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. TeamPass is a password manager dedicated to Apache, MySQL and PHP.
A cross-site scripting vulnerability exists in TeamPass 2.1.24 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "teampass",
"scope": "lte",
"trust": 1.8,
"vendor": "teampass",
"version": "2.1.24"
},
{
"model": "teampass",
"scope": "lte",
"trust": 0.6,
"vendor": "teampass",
"version": "\u003c=2.1.24"
},
{
"model": "teampass",
"scope": "eq",
"trust": 0.6,
"vendor": "teampass",
"version": "2.1.24"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06209"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-616"
},
{
"db": "NVD",
"id": "CVE-2015-7562"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:teampass:teampass",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
}
]
},
"cve": "CVE-2015-7562",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7562",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-06209",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2015-7562",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7562",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7562",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-06209",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-616",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06209"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-616"
},
{
"db": "NVD",
"id": "CVE-2015-7562"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. TeamPass is a password manager dedicated to Apache, MySQL and PHP. \r\n\r\n\r\nA cross-site scripting vulnerability exists in TeamPass 2.1.24 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7562"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"db": "CNVD",
"id": "CNVD-2017-06209"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7562",
"trust": 3.0
},
{
"db": "EXPLOIT-DB",
"id": "39559",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007515",
"trust": 0.8
},
{
"db": "EXPLOITDB",
"id": "39559",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-06209",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-616",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06209"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-616"
},
{
"db": "NVD",
"id": "CVE-2015-7562"
}
]
},
"id": "VAR-201704-0016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06209"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06209"
}
]
},
"last_update_date": "2024-11-23T21:41:31.710000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security fix for Multiple vulnerabilities #1140",
"trust": 0.8,
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
},
{
"title": "Patch for TeamPass Cross-Site Scripting Vulnerability (CNVD-2017-06209)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93405"
},
{
"title": "TeamPass Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69232"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06209"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-616"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"db": "NVD",
"id": "CVE-2015-7562"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"trust": 1.6,
"url": "https://github.com/nilsteampassnet/teampass/pull/1140"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7562"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7562"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06209"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-616"
},
{
"db": "NVD",
"id": "CVE-2015-7562"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-06209"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-616"
},
{
"db": "NVD",
"id": "CVE-2015-7562"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06209"
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"date": "2017-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-616"
},
{
"date": "2017-04-12T22:59:00.163000",
"db": "NVD",
"id": "CVE-2015-7562"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06209"
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007515"
},
{
"date": "2017-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-616"
},
{
"date": "2024-11-21T02:36:59.387000",
"db": "NVD",
"id": "CVE-2015-7562"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-616"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TeamPass Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007515"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-616"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2022-03-28 19:15
Modified
2024-11-21 06:54
Severity ?
Summary
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/commits/teampass_2 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/commits/teampass_2 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "28AE082A-1C30-44C9-A7FD-F1F53C208B3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO."
},
{
"lang": "es",
"value": "Teampass versi\u00f3n 2.1.26, permite un ataque de tipo XSS reflejado por medio del PATH_INFO en el archivo index.php"
}
],
"id": "CVE-2022-26980",
"lastModified": "2024-11-21T06:54:54.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-28T19:15:08.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commits/teampass_2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-07 11:13
Modified
2024-11-21 02:08
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teampass | teampass | * | |
| teampass | teampass | 2.1 | |
| teampass | teampass | 2.1.1 | |
| teampass | teampass | 2.1.2 | |
| teampass | teampass | 2.1.3 | |
| teampass | teampass | 2.1.4 | |
| teampass | teampass | 2.1.5 | |
| teampass | teampass | 2.1.10 | |
| teampass | teampass | 2.1.13 | |
| teampass | teampass | 2.1.14 | |
| teampass | teampass | 2.1.15 | |
| teampass | teampass | 2.1.18 | |
| teampass | teampass | 2.1.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "AB9063A6-CDBF-4EC9-8C4E-86EC28126C8C",
"versionEndIncluding": "2.1.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE854BB-0E8A-4A94-8C33-6698E9663FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54D3A49-EEED-4D7C-B780-AC16ECFEA3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B06F757-3681-466C-BE9C-F8A888FC91C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9446D190-B201-4364-8E36-B30FE806F3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "53F6B7D0-58A6-47CC-BB51-F3C1182573C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F94F0FE3-E49E-4A33-9B0F-BC16910CE00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50C89CB6-D623-4F25-BAE4-5E76734E493F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F3156DDA-8A35-416A-B606-34DA03B14785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C911F27E-8348-45BA-ACAA-481CBD02B674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2D025854-0464-40DB-A483-CD98105707E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "414A8AC9-E61B-41B8-8AE8-7BA33DC0C906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "62B586C3-E267-4257-9836-D13942C6F55F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en items.php en TeamPass anterior a 2.1.20 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro group, el cual no se maneja debidamente en un elemento de formulario (1) hid_cat o (2) open_folder o (3) el par\u00e1metro id, el cual no se maneja debidamente en el elemento de formulario open_id."
}
],
"id": "CVE-2014-3774",
"lastModified": "2024-11-21T02:08:48.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-08-07T11:13:35.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-17 12:15
Modified
2024-11-21 07:39
Severity ?
Summary
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "764C6217-B0DC-46BE-8785-63C62947781F",
"versionEndExcluding": "3.0.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23."
}
],
"id": "CVE-2023-1463",
"lastModified": "2024-11-21T07:39:14.547",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-17T12:15:11.907",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security@huntr.dev",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-05 22:15
Modified
2024-11-21 04:31
Severity ?
Summary
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2688 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2688 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*",
"matchCriteriaId": "B0281707-7711-476C-86A7-2EFD6C8DD8DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed."
},
{
"lang": "es",
"value": "TeamPass versi\u00f3n 2.1.27.36, permite un ataque de tipo XSS almacenado al colocar una carga \u00fatil en el campo username durante un intento de inicio de sesi\u00f3n. Cuando un administrador mira el registro de inicios de sesi\u00f3n fallidos, ser\u00e1 ejecutada la carga \u00fatil de tipo XSS."
}
],
"id": "CVE-2019-17205",
"lastModified": "2024-11-21T04:31:51.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-05T22:15:11.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2688"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-31 13:15
Modified
2024-11-21 08:16
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E",
"versionEndExcluding": "3.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"id": "CVE-2023-3009",
"lastModified": "2024-11-21T08:16:13.857",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-31T13:15:10.367",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/6ba8cf1f4b89d62a08d122d533ccf4cb4e26a4ee"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
],
"url": "https://huntr.dev/bounties/2929faca-5822-4636-8f04-ca5e0001361f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/6ba8cf1f4b89d62a08d122d533ccf4cb4e26a4ee"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://huntr.dev/bounties/2929faca-5822-4636-8f04-ca5e0001361f"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-12 22:59
Modified
2024-11-21 02:36
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://github.com/nilsteampassnet/TeamPass/pull/1140 | Patch | |
| secalert@redhat.com | https://www.exploit-db.com/exploits/39559/ | Exploit, Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/pull/1140 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/39559/ | Exploit, Patch, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEDFBB13-3F7E-4BDD-AB0B-FAB4964DD7C4",
"versionEndIncluding": "2.1.24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user."
},
{
"lang": "es",
"value": "Vulnerabilidad (CSRF) en TeamPass 2.1.24 y versiones anteriores permite a atacantes remotos a secuestrar la autenticaci\u00f3n de un usuario autenticado."
}
],
"id": "CVE-2015-7563",
"lastModified": "2024-11-21T02:36:59.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-12T22:59:00.193",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/39559/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-06 20:15
Modified
2024-11-21 08:17
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D28BC-A4B7-45E4-8B54-0F13DFB41437",
"versionEndExcluding": "3.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"id": "CVE-2023-3531",
"lastModified": "2024-11-21T08:17:28.530",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-06T20:15:09.593",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/cb8ea5ccca61653895bb6881547e463baa50293d"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
],
"url": "https://huntr.dev/bounties/c9f0b3ff-bbc4-4ea1-a59e-8594b48bb414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/cb8ea5ccca61653895bb6881547e463baa50293d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://huntr.dev/bounties/c9f0b3ff-bbc4-4ea1-a59e-8594b48bb414"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-06 17:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2638 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/releases | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2638 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/releases | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.35:*:*:*:*:*:*:*",
"matchCriteriaId": "89FC0190-8E89-4809-86A9-B251619DC27E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php \"Import items\" feature, it is possible to load a crafted CSV file with an XSS payload."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en TeamPass versi\u00f3n 2.1.27.35. Desde la funcionalidad \"Import items\" del archivo sources/items.queries.php, es posible cargar un archivo CSV dise\u00f1ado con una carga \u00fatil de tipo XSS."
}
],
"id": "CVE-2019-12950",
"lastModified": "2024-11-21T04:23:53.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-06T17:15:43.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2638"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/releases"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-13 12:15
Modified
2024-11-21 07:57
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD416596-A9B2-401B-A908-13AC544DB078",
"versionEndExcluding": "3.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3."
}
],
"id": "CVE-2023-2021",
"lastModified": "2024-11-21T07:57:46.530",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 4.7,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-13T12:15:08.793",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/77c541a0151841d1f4ceb0a84ca391e1b526d58d"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
],
"url": "https://huntr.dev/bounties/2e31082d-7aeb-46ff-84d6-9561758e3bf0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/77c541a0151841d1f4ceb0a84ca391e1b526d58d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://huntr.dev/bounties/2e31082d-7aeb-46ff-84d6-9561758e3bf0"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 19:29
Modified
2024-11-21 03:14
Severity ?
Summary
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f | Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35D9C25C-1C7F-404B-B27E-00B1BC77A868",
"versionEndExcluding": "2.1.27.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS\u0027ed."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) persistente en TeamPass en versiones anteriores a la 2.1.27.9 permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante (1) el valor URL de un elemento o (2) el historial de registros del usuario. Para explotar esta vulnerabilidad, el atacante debe estar primero autenticado en la aplicaci\u00f3n. Para el primero, el atacante solo tiene que inyectar c\u00f3digo XSS en el campo URL de un elemento compartido. Sin embargo, para el segundo, el atacante debe preparar una carga \u00fatil en su perfil y, a continuaci\u00f3n, pedir a un administrador que modifique su perfil. Desde aqu\u00ed, cada vez que el administrador accede al registro, puede sufrir XSS."
}
],
"id": "CVE-2017-15051",
"lastModified": "2024-11-21T03:14:00.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T19:29:00.220",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-07 11:13
Modified
2024-11-21 02:08
Severity ?
Summary
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teampass | teampass | * | |
| teampass | teampass | 2.1 | |
| teampass | teampass | 2.1.1 | |
| teampass | teampass | 2.1.2 | |
| teampass | teampass | 2.1.3 | |
| teampass | teampass | 2.1.4 | |
| teampass | teampass | 2.1.5 | |
| teampass | teampass | 2.1.10 | |
| teampass | teampass | 2.1.13 | |
| teampass | teampass | 2.1.14 | |
| teampass | teampass | 2.1.15 | |
| teampass | teampass | 2.1.18 | |
| teampass | teampass | 2.1.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "AB9063A6-CDBF-4EC9-8C4E-86EC28126C8C",
"versionEndIncluding": "2.1.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE854BB-0E8A-4A94-8C33-6698E9663FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54D3A49-EEED-4D7C-B780-AC16ECFEA3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B06F757-3681-466C-BE9C-F8A888FC91C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9446D190-B201-4364-8E36-B30FE806F3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "53F6B7D0-58A6-47CC-BB51-F3C1182573C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F94F0FE3-E49E-4A33-9B0F-BC16910CE00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50C89CB6-D623-4F25-BAE4-5E76734E493F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F3156DDA-8A35-416A-B606-34DA03B14785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C911F27E-8348-45BA-ACAA-481CBD02B674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2D025854-0464-40DB-A483-CD98105707E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "414A8AC9-E61B-41B8-8AE8-7BA33DC0C906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "62B586C3-E267-4257-9836-D13942C6F55F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php."
},
{
"lang": "es",
"value": "TeamPass anterior a 2.1.20 permite a atacantes remotos evadir las restricciones de acceso a trav\u00e9s de una solicitud en index.php seguida por una solicitud directa en un fichero que llama la funci\u00f3n session_start antes de comprobar la clave CPM, tal y como fue demostrado por una solicitud en sources/upload/upload.files.php."
}
],
"id": "CVE-2014-3772",
"lastModified": "2024-11-21T02:08:48.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-07T11:13:35.140",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-12 22:59
Modified
2024-11-21 02:36
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://github.com/nilsteampassnet/TeamPass/pull/1140 | Patch | |
| secalert@redhat.com | https://www.exploit-db.com/exploits/39559/ | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/pull/1140 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/39559/ | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE0DE235-0EEB-43F4-A25B-3095CFCBFC9B",
"versionEndIncluding": "2.1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades (XSS) en TeamPass 2.1.24 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTLM a trav\u00e9s del (1) valor de etiqueta o (2) nombre de una funci\u00f3n."
}
],
"id": "CVE-2015-7562",
"lastModified": "2024-11-21T02:36:59.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-12T22:59:00.163",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/39559/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-09 10:15
Modified
2024-11-21 07:58
Severity ?
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77E017F7-C597-4550-9520-9444D115C381",
"versionEndExcluding": "3.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in GitHub repository nilsteampassnet/teampass prior to 3.0.7."
}
],
"id": "CVE-2023-2591",
"lastModified": "2024-11-21T07:58:53.503",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-09T10:15:10.683",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/57a977c6323656e5dc06ab5c227e75c3465a1a4a"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
],
"url": "https://huntr.dev/bounties/705f79f4-f5e3-41d7-82a5-f00441cd984b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/57a977c6323656e5dc06ab5c227e75c3465a1a4a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://huntr.dev/bounties/705f79f4-f5e3-41d7-82a5-f00441cd984b"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-12 08:29
Modified
2024-11-21 03:14
Severity ?
Summary
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FABC017-C09E-40C2-96EF-667CEF2F9FFA",
"versionEndIncluding": "2.1.27.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
},
{
"lang": "es",
"value": "Se ha descubierto Cross-Site Scripting (XSS) en TeamPass en versiones anteriores a la 2.1.27.9. Esta vulnerabilidad existe por un filtrado insuficiente de datos (en /sources/folders.queries.php). Un atacante podr\u00eda ejecutar c\u00f3digo script y HTML arbitrario en un navegador en el contexto del sitio web vulnerable."
}
],
"id": "CVE-2017-15278",
"lastModified": "2024-11-21T03:14:22.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-12T08:29:00.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-27 16:15
Modified
2024-11-21 07:38
Severity ?
Summary
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B67102-2E2A-4A47-B6E7-9830A17463BE",
"versionEndExcluding": "3.0.0.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22."
}
],
"id": "CVE-2023-1070",
"lastModified": "2024-11-21T07:38:24.080",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-27T16:15:12.697",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/0af3574caba27a61b16dc25c94fa51ae12d2d967"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/318bfdc4-7782-4979-956f-9ba2cc44889c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/0af3574caba27a61b16dc25c94fa51ae12d2d967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/318bfdc4-7782-4979-956f-9ba2cc44889c"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 19:29
Modified
2024-11-21 03:14
Severity ?
Summary
An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc | Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35D9C25C-1C7F-404B-B27E-00B1BC77A868",
"versionEndExcluding": "2.1.27.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server."
},
{
"lang": "es",
"value": "Una vulnerabilidad de subida de archivos arbitrarios, presente en versiones anteriores a la 2.1.27.9 de TeamPass, permite que usuarios autenticados remotos suban archivos arbitrarios conduciendo a la ejecuci\u00f3n remota de comandos. Para explotar esta vulnerabilidad, un atacante autenticado tiene que alterar los par\u00e1metros de una petici\u00f3n en upload.files.php para seleccionar la rama correcta y ser capaz de subir cualquier archivo arbitrario. Desde ah\u00ed, puede simplemente acceder al archivo para ejecutar c\u00f3digo en el servidor."
}
],
"id": "CVE-2017-15054",
"lastModified": "2024-11-21T03:14:01.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T19:29:00.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-07 11:13
Modified
2024-11-21 02:08
Severity ?
Summary
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teampass | teampass | * | |
| teampass | teampass | 2.1 | |
| teampass | teampass | 2.1.1 | |
| teampass | teampass | 2.1.2 | |
| teampass | teampass | 2.1.3 | |
| teampass | teampass | 2.1.4 | |
| teampass | teampass | 2.1.5 | |
| teampass | teampass | 2.1.10 | |
| teampass | teampass | 2.1.13 | |
| teampass | teampass | 2.1.14 | |
| teampass | teampass | 2.1.15 | |
| teampass | teampass | 2.1.18 | |
| teampass | teampass | 2.1.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "AB9063A6-CDBF-4EC9-8C4E-86EC28126C8C",
"versionEndIncluding": "2.1.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE854BB-0E8A-4A94-8C33-6698E9663FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54D3A49-EEED-4D7C-B780-AC16ECFEA3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B06F757-3681-466C-BE9C-F8A888FC91C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9446D190-B201-4364-8E36-B30FE806F3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "53F6B7D0-58A6-47CC-BB51-F3C1182573C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F94F0FE3-E49E-4A33-9B0F-BC16910CE00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50C89CB6-D623-4F25-BAE4-5E76734E493F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F3156DDA-8A35-416A-B606-34DA03B14785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C911F27E-8348-45BA-ACAA-481CBD02B674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2D025854-0464-40DB-A483-CD98105707E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "414A8AC9-E61B-41B8-8AE8-7BA33DC0C906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "62B586C3-E267-4257-9836-D13942C6F55F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) \"change_user_language\" request to sources/main.queries.php."
},
{
"lang": "es",
"value": "TeamPass anterior a 2.1.20 permite a atacantes remotos evadir las restricciones de acceso a trav\u00e9s de la ruta del fichero de idiomas en (1) una solicitud en index.php o (2) una solicitud \u0027change_user_language\u0027 en sources/main.queries.php."
}
],
"id": "CVE-2014-3771",
"lastModified": "2024-11-21T02:08:47.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-07T11:13:35.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-29 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2761 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2761 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*",
"matchCriteriaId": "B0281707-7711-476C-86A7-2EFD6C8DD8DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function."
},
{
"lang": "es",
"value": "Las funciones de la API REST en TeamPass versi\u00f3n 2.1.27.36, permiten a cualquier usuario con un token de API v\u00e1lido omitir las restricciones de la lista blanca de direcciones IP por medio de un encabezado HTTP del cliente X-Fordered-For en la funci\u00f3n getIp."
}
],
"id": "CVE-2020-12477",
"lastModified": "2024-11-21T04:59:46.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T22:15:12.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2761"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-04 14:15
Modified
2024-11-21 04:58
Severity ?
Summary
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2765 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2765 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "819F6BD1-3958-4C85-B0B3-102A359A7634",
"versionEndIncluding": "2.1.27.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default."
},
{
"lang": "es",
"value": "La falta de controles de autorizaci\u00f3n en las funciones de la API REST en TeamPass versiones hasta 2.1.27.36, permite a cualquier usuario de TeamPass con un token de API v\u00e1lido convertirse en administrador de TeamPass y leer y modificar todas las contrase\u00f1as mediante llamadas autenticadas a la API REST del archivo api/index.php. NOTA: la API no est\u00e1 disponible de manera predeterminada."
}
],
"id": "CVE-2020-11671",
"lastModified": "2024-11-21T04:58:22.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-04T14:15:13.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2765"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-21 11:15
Modified
2024-11-21 07:39
Severity ?
Summary
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "764C6217-B0DC-46BE-8785-63C62947781F",
"versionEndExcluding": "3.0.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23."
}
],
"id": "CVE-2023-1545",
"lastModified": "2024-11-21T07:39:24.863",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-21T11:15:10.453",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/4780252fdb600ef2ec2758f17a37d738570cbe66"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/942c015f-7486-49b1-94ae-b1538d812bc2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/4780252fdb600ef2ec2758f17a37d738570cbe66"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/942c015f-7486-49b1-94ae-b1538d812bc2"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-29 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2764 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2764 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*",
"matchCriteriaId": "B0281707-7711-476C-86A7-2EFD6C8DD8DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files."
},
{
"lang": "es",
"value": "TeamPass versi\u00f3n 2.1.27.36, permite a un atacante no autenticado recuperar archivos de la web root de TeamPass. Esto puede incluir copias de seguridad o archivos de depuraci\u00f3n de LDAP."
}
],
"id": "CVE-2020-12478",
"lastModified": "2024-11-21T04:59:46.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T22:15:12.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2764"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-08 09:15
Modified
2024-11-21 08:17
Severity ?
Summary
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D28BC-A4B7-45E4-8B54-0F13DFB41437",
"versionEndExcluding": "3.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"id": "CVE-2023-3552",
"lastModified": "2024-11-21T08:17:31.377",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-08T09:15:43.180",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/8acb4dacc2d008a4186a4e13cc143e978f113955"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/aeb2f43f-0602-4ac6-9685-273e87ff4ded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/8acb4dacc2d008a4186a4e13cc143e978f113955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/aeb2f43f-0602-4ac6-9685-273e87ff4ded"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-05 14:29
Modified
2024-11-21 03:36
Severity ?
Summary
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md | Issue Tracking, Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E39DA4-DF60-4DB1-B647-AFE8EC9E7DB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3FE1B6-B126-45F2-8741-901E97C79894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8896298A-354B-4AEF-BA87-945A2F09A977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C276CD9C-09A4-4D97-B371-33DE4F0558F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7A6CB-ED06-4AE9-9A56-5146F5906253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "94E05F72-3EDC-4DF7-B2E9-D22E512346E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96FD295D-C318-4484-A097-1F6EBE417491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3EE7AE-D4E5-42BB-A1FB-6790789CEC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51E6BC0C-670F-499D-B639-D7766A9DE80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.24.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FE663CEF-6D83-440A-A103-3596FFBF9677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C082E19A-88A6-4A6F-8436-41DC217106A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FECEF3A-84DD-430D-9DD8-4ECAD0BCBA99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.25.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86A131C1-42F7-4286-9AE1-C6EEC6FAF55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.25.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC5E891-17C1-4E95-9E00-2110FA2CBBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "28AE082A-1C30-44C9-A7FD-F1F53C208B3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "897F9ED9-E288-43A7-8D26-F29131DE49FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CB8FBFB-CB8F-4672-B3D9-D5402ADB8D72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B776505D-7C89-42CF-9E24-A768462B2576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CED2812-E7AD-4B27-8794-76DDE1AA3CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.4:*:*:*:*:*:*:*",
"matchCriteriaId": "647F45F5-27FC-445B-8560-3BABD223FE81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE0C84A-345A-4B9A-A50C-46814970C0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.6:*:*:*:*:*:*:*",
"matchCriteriaId": "21EDF657-C59F-4DB3-B0F1-516854FBBECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.7:*:*:*:*:*:*:*",
"matchCriteriaId": "654A9BA2-5DF1-4BA3-AFE5-ADF610F60C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F19D551F-A27A-4646-B4A5-958AC366F5DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2370D3-F123-462E-94C6-196CD11D3D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3A45C638-FB9C-442A-8617-A15EA8517304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AD262F8E-5209-47CB-AD08-033FD346084E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7A49988E-DCBF-4CA7-A9BD-FAAB15F6C694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D5270230-1A7E-4602-845A-1A31AF4758AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D9800AF7-E93B-4051-AB84-C70E67C8366B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.15:*:*:*:*:*:*:*",
"matchCriteriaId": "905A3A93-5429-4617-87EE-E2F89BDB9F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E4613D1E-15FF-4F08-8E14-7F0982A037CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B042637C-4E8D-4A77-8ADB-6A02CEDD8210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C228A11C-7C26-4DC0-9B5F-F7044FB3D98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.26.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3C3ECC-A39E-427C-A8A6-C468B4E3DE09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2B1AFA-390F-4DE1-84B9-71C707704FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDDA6D8-8517-4A64-888E-F2BEF5D3A8DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C82FB18A-BFB6-4C36-B311-C86AD904637D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E08B58C4-356C-4793-B9DA-D8AF041EFDE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php."
},
{
"lang": "es",
"value": "TeamPass anterior a versi\u00f3n 2.1.27.4, es vulnerable a una inyecci\u00f3n SQL en el archivo users.queries.php."
}
],
"id": "CVE-2017-9436",
"lastModified": "2024-11-21T03:36:07.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-05T14:29:00.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 19:29
Modified
2024-11-21 03:14
Severity ?
Summary
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f | Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35D9C25C-1C7F-404B-B27E-00B1BC77A868",
"versionEndExcluding": "2.1.27.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the \"item_id\" parameter when invoking \"copy_item\" on items.queries.php."
},
{
"lang": "es",
"value": "Las versiones anteriores a la 2.1.27.9 de TeamPass no aplican correctamente el control de acceso de elementos al solicitar items.queries.php. Es posible copiar cualquier elemento arbitrario en un directorio controlado por el atacante, editar cualquier elemento en un directorio de solo lectura, eliminar un elemento arbitrario, eliminar los archivos adjuntos de un elemento arbitrario, copiar la contrase\u00f1a de un elemento arbitrario en el b\u00fafer copy/paste, acceder al historial de un elemento arbitrario y editar los atributos de un directorio arbitrario. Para explotar la vulnerabilidad, un atacante autenticado debe alterar las peticiones enviadas directamente, por ejemplo cambiando el par\u00e1metro \"item_id\" al invocar \"copy_item\" en items.queries.php."
}
],
"id": "CVE-2017-15055",
"lastModified": "2024-11-21T03:14:01.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T19:29:00.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-03 12:15
Modified
2024-11-21 08:16
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E",
"versionEndExcluding": "3.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"id": "CVE-2023-3086",
"lastModified": "2024-11-21T08:16:24.863",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-03T12:15:09.317",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/1c0825b67eb8f8b5ecc418ff7614423a275e6a79"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/17be9e8a-abe8-41db-987f-1d5b0686ae20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/1c0825b67eb8f8b5ecc418ff7614423a275e6a79"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/17be9e8a-abe8-41db-987f-1d5b0686ae20"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-26 12:15
Modified
2024-11-21 04:31
Severity ?
Summary
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2685 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2685 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*",
"matchCriteriaId": "B0281707-7711-476C-86A7-2EFD6C8DD8DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)"
},
{
"lang": "es",
"value": "TeamPass versi\u00f3n 2.1.27.36, permite un ataque de tipo XSS mediante el establecimiento de una contrase\u00f1a dise\u00f1ada para un elemento en una carpeta y entonces compartir ese elemento con un administrador. (La contrase\u00f1a dise\u00f1ada es explotable cuando se visualiza el historial de cambios o el campo de contrase\u00f1a usado previamente)."
}
],
"id": "CVE-2019-16904",
"lastModified": "2024-11-21T04:31:18.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-26T12:15:11.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2685"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-10 09:15
Modified
2024-11-21 08:16
Severity ?
Summary
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E",
"versionEndExcluding": "3.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"id": "CVE-2023-3190",
"lastModified": "2024-11-21T08:16:39.573",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-10T09:15:09.343",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/5562c4c4-0475-448f-a451-7c4666bc7180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/5562c4c4-0475-448f-a451-7c4666bc7180"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-12 22:59
Modified
2024-11-21 02:36
Severity ?
Summary
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://github.com/nilsteampassnet/TeamPass/pull/1140 | Patch | |
| secalert@redhat.com | https://www.exploit-db.com/exploits/39559/ | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/pull/1140 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/39559/ | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE0DE235-0EEB-43F4-A25B-3095CFCBFC9B",
"versionEndIncluding": "2.1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en TeamPass 2.1.24 y versiones anteriores permiten a atacantes remotos a ejecutar comandos arbitrarios SQL a trav\u00e9s de (1) el par\u00e1metro id en una acci\u00f3n action_on_quick_icon a un item.query.php o (2) el orden o (3) el par\u00e1metro de direcci\u00f3n en un (a) connections_logs, (b) errors_logs o (c) acci\u00f3n access_logs en un view.query.php."
}
],
"id": "CVE-2015-7564",
"lastModified": "2024-11-21T02:36:59.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-12T22:59:00.227",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/39559/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/pull/1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/39559/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-04 11:15
Modified
2024-11-21 08:16
Severity ?
Summary
Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E",
"versionEndExcluding": "3.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"id": "CVE-2023-3095",
"lastModified": "2024-11-21T08:16:26.800",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 4.7,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-04T11:15:09.167",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/774985f62f080715774604927fba2cb6ef701612"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/35c899a9-40a0-4e17-bfb5-2a1430bc83c4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/774985f62f080715774604927fba2cb6ef701612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/35c899a9-40a0-4e17-bfb5-2a1430bc83c4"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-22 03:44
Modified
2024-11-21 01:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76E30D0F-C4CA-4A33-A266-89F06948D204",
"versionEndIncluding": "2.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE854BB-0E8A-4A94-8C33-6698E9663FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54D3A49-EEED-4D7C-B780-AC16ECFEA3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B06F757-3681-466C-BE9C-F8A888FC91C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9446D190-B201-4364-8E36-B30FE806F3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "53F6B7D0-58A6-47CC-BB51-F3C1182573C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en users.queries.php en ETeamPass antes de v2.1.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro \u0027login\u0027 (inicio de sesi\u00f3n)."
}
],
"id": "CVE-2012-2234",
"lastModified": "2024-11-21T01:38:44.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-04-22T03:44:43.417",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/81197"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.org/files/111905/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74910"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/81197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.org/files/111905/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-08-07 11:13
Modified
2024-11-21 02:08
Severity ?
Summary
Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teampass | teampass | * | |
| teampass | teampass | 2.1 | |
| teampass | teampass | 2.1.1 | |
| teampass | teampass | 2.1.2 | |
| teampass | teampass | 2.1.3 | |
| teampass | teampass | 2.1.4 | |
| teampass | teampass | 2.1.5 | |
| teampass | teampass | 2.1.10 | |
| teampass | teampass | 2.1.13 | |
| teampass | teampass | 2.1.14 | |
| teampass | teampass | 2.1.15 | |
| teampass | teampass | 2.1.18 | |
| teampass | teampass | 2.1.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:beta:*:*:*:*:*:*",
"matchCriteriaId": "AB9063A6-CDBF-4EC9-8C4E-86EC28126C8C",
"versionEndIncluding": "2.1.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE854BB-0E8A-4A94-8C33-6698E9663FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54D3A49-EEED-4D7C-B780-AC16ECFEA3F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B06F757-3681-466C-BE9C-F8A888FC91C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9446D190-B201-4364-8E36-B30FE806F3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "53F6B7D0-58A6-47CC-BB51-F3C1182573C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F94F0FE3-E49E-4A33-9B0F-BC16910CE00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50C89CB6-D623-4F25-BAE4-5E76734E493F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F3156DDA-8A35-416A-B606-34DA03B14785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C911F27E-8348-45BA-ACAA-481CBD02B674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2D025854-0464-40DB-A483-CD98105707E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "414A8AC9-E61B-41B8-8AE8-7BA33DC0C906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "62B586C3-E267-4257-9836-D13942C6F55F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en TeamPass anterior a 2.1.20 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro login en una acci\u00f3n (1) send_pw_by_email o (2) generate_new_password en sources/main.queries.php; el par\u00e1metro iDisplayStart en (3) datatable.logs.php o (4) un fichero en source/datatable/; o el par\u00e1metro iDisplayLength en (5) datatable.logs.php o (6) un fichero en source/datatable/; o permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de un par\u00e1metro sSortDir_ en (7) datatable.logs.php o (8) un fichero en source/datatable/."
}
],
"id": "CVE-2014-3773",
"lastModified": "2024-11-21T02:08:48.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-07T11:13:35.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://teampass.net/installation/2.1.20-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-05 22:15
Modified
2024-11-21 04:31
Severity ?
Summary
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2690 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2690 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*",
"matchCriteriaId": "B0281707-7711-476C-86A7-2EFD6C8DD8DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder."
},
{
"lang": "es",
"value": "TeamPass versi\u00f3n 2.1.27.36, permite un ataque de tipo XSS almacenado en la p\u00e1gina de B\u00fasqueda mediante el establecimiento de una contrase\u00f1a dise\u00f1ada para un elemento en cualquier carpeta."
}
],
"id": "CVE-2019-17203",
"lastModified": "2024-11-21T04:31:51.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-05T22:15:10.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2690"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-03 11:15
Modified
2024-11-21 08:16
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E",
"versionEndExcluding": "3.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"id": "CVE-2023-3084",
"lastModified": "2024-11-21T08:16:24.550",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-03T11:15:20.737",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/61b9b7d4e33bbaad2cd61a7ee988f9c22298bf1a"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/4b86b56b-c51b-4be8-8ee4-6e385d1e9e8a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/61b9b7d4e33bbaad2cd61a7ee988f9c22298bf1a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/4b86b56b-c51b-4be8-8ee4-6e385d1e9e8a"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-08 09:15
Modified
2024-11-21 08:17
Severity ?
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D28BC-A4B7-45E4-8B54-0F13DFB41437",
"versionEndExcluding": "3.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"id": "CVE-2023-3553",
"lastModified": "2024-11-21T08:17:31.557",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-08T09:15:43.247",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/e9f90b746fdde135da3c7fbe4fa22fe2bd32e66b"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/857f002a-2794-4807-aa5d-2f340de01870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/e9f90b746fdde135da3c7fbe4fa22fe2bd32e66b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/857f002a-2794-4807-aa5d-2f340de01870"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-29 22:15
Modified
2024-11-21 04:59
Severity ?
Summary
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2762 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2762 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*",
"matchCriteriaId": "B0281707-7711-476C-86A7-2EFD6C8DD8DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal."
},
{
"lang": "es",
"value": "TeamPass versi\u00f3n 2.1.27.36, permite que cualquier usuario autenticado de TeamPass desencadene una vulnerabilidad de inclusi\u00f3n de archivos PHP por medio de una petici\u00f3n HTTP dise\u00f1ada con un salto de directorio de newValue del archivo sources/users.queries.php."
}
],
"id": "CVE-2020-12479",
"lastModified": "2024-11-21T04:59:47.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T22:15:12.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2762"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-10 16:15
Modified
2024-11-21 08:17
Severity ?
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D28BC-A4B7-45E4-8B54-0F13DFB41437",
"versionEndExcluding": "3.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"id": "CVE-2023-3565",
"lastModified": "2024-11-21T08:17:33.440",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-10T16:15:56.317",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/820bb49a362a566c9038e4a3048b26d654babb0e"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/fcf46e1f-2ab6-4057-9d25-cf493ab09530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/820bb49a362a566c9038e4a3048b26d654babb0e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/fcf46e1f-2ab6-4057-9d25-cf493ab09530"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-24 08:15
Modified
2024-11-21 07:59
Severity ?
Summary
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E",
"versionEndExcluding": "3.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"id": "CVE-2023-2859",
"lastModified": "2024-11-21T07:59:26.250",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-24T08:15:09.713",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/1f51482a0c4d152ca876844212b0f8f3cb9387af"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/d7b8ea75-c74a-4721-89bb-12e5c80fb0ba"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/1f51482a0c4d152ca876844212b0f8f3cb9387af"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/d7b8ea75-c74a-4721-89bb-12e5c80fb0ba"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-08 09:15
Modified
2024-11-21 08:17
Severity ?
Summary
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3D28BC-A4B7-45E4-8B54-0F13DFB41437",
"versionEndExcluding": "3.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": " Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10."
}
],
"id": "CVE-2023-3551",
"lastModified": "2024-11-21T08:17:31.210",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-08T09:15:42.750",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/cc6abc76aa46ed4a27736c1d2f21e432a5d54e6f"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/cf8878ff-6cd9-49be-b313-7ac2a94fc7f7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/cc6abc76aa46ed4a27736c1d2f21e432a5d54e6f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/cf8878ff-6cd9-49be-b313-7ac2a94fc7f7"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-05 22:15
Modified
2024-11-21 04:31
Severity ?
Summary
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2689 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2689 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*",
"matchCriteriaId": "B0281707-7711-476C-86A7-2EFD6C8DD8DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item."
},
{
"lang": "es",
"value": "TeamPass versi\u00f3n 2.1.27.36, permite un ataque de tipo XSS almacenado al establecer una etiqueta de base de conocimiento dise\u00f1ada y agregar cualquier elemento disponible."
}
],
"id": "CVE-2019-17204",
"lastModified": "2024-11-21T04:31:51.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-05T22:15:11.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2689"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 19:29
Modified
2024-11-21 03:14
Severity ?
Summary
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e | Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35D9C25C-1C7F-404B-B27E-00B1BC77A868",
"versionEndExcluding": "2.1.27.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_role\" on roles.queries.php."
},
{
"lang": "es",
"value": "Las versiones anteriores a la 2.1.27.9 de TeamPass no aplican correctamente el control de acceso de managers al solicitar roles.queries.php. Es posible para un usuario manager modificar o eliminar cualquier rol arbitrario en la aplicaci\u00f3n.. Para explotar la vulnerabilidad, un atacante autenticado debe tener los derechos de manager de la aplicaci\u00f3n y alterar las peticiones enviadas directamente, por ejemplo cambiando el par\u00e1metro \"id\" al invocar \"delete_role\" en roles.queries.php."
}
],
"id": "CVE-2017-15053",
"lastModified": "2024-11-21T03:14:01.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T19:29:00.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-10 09:15
Modified
2024-11-21 08:16
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E",
"versionEndExcluding": "3.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"id": "CVE-2023-3191",
"lastModified": "2024-11-21T08:16:39.710",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-10T09:15:09.730",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/19fed157-128d-4bfb-a30e-eadf748cbd1a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/19fed157-128d-4bfb-a30e-eadf748cbd1a"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-03 08:15
Modified
2024-11-21 08:16
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBD6586-DC7F-4FD6-BB8D-9874CCFACB2E",
"versionEndExcluding": "3.0.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9."
}
],
"id": "CVE-2023-3083",
"lastModified": "2024-11-21T08:16:24.413",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-03T08:15:08.853",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/79731553fa305d45dabb7a227f3074d56d7c94c1"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/c6b29e46-02e0-43ad-920f-28ac482ea2ab"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/79731553fa305d45dabb7a227f3074d56d7c94c1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/c6b29e46-02e0-43ad-920f-28ac482ea2ab"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-27 19:29
Modified
2024-11-21 03:14
Severity ?
Summary
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_user" on users.queries.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.amossys.fr/teampass-multiple-cve-01.html | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1 | Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35D9C25C-1C7F-404B-B27E-00B1BC77A868",
"versionEndExcluding": "2.1.27.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_user\" on users.queries.php."
},
{
"lang": "es",
"value": "Las versiones anteriores a la 2.1.27.9 de TeamPass no aplican correctamente el control de acceso de managers al solicitar users.queries.php. En ese caso, es posible que un usuario manager elimine un usuario arbitrario (incluyendo a un administrador) o que modifique atributos de cualquier usuario arbitrario excepto un administrador. Para explotar la vulnerabilidad, un atacante autenticado debe tener los derechos de manager de la aplicaci\u00f3n y alterar las peticiones enviadas directamente, por ejemplo cambiando el par\u00e1metro \"id\" al invocar \"delete_user\" en users.queries.php."
}
],
"id": "CVE-2017-15052",
"lastModified": "2024-11-21T03:14:00.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T19:29:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-05 19:15
Modified
2024-11-21 07:58
Severity ?
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77E017F7-C597-4550-9520-9444D115C381",
"versionEndExcluding": "3.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7."
}
],
"id": "CVE-2023-2516",
"lastModified": "2024-11-21T07:58:45.490",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-05T19:15:15.763",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/39b774cba118ca5383b0a51a71b1e7dea2761927"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/19470f0b-7094-4339-8d4a-4b5570b54716"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/nilsteampassnet/teampass/commit/39b774cba118ca5383b0a51a71b1e7dea2761927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/19470f0b-7094-4339-8d4a-4b5570b54716"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@huntr.dev",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-04 21:29
Modified
2024-11-21 04:17
Severity ?
Summary
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nilsteampassnet/TeamPass/issues/2495 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nilsteampassnet/TeamPass/issues/2495 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D717DD-5451-4388-AEA7-44FAE59A8510",
"versionEndIncluding": "2.1.27.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage."
},
{
"lang": "es",
"value": "TeamPass, en versiones 2.1.27 y anteriores, contiene una vulnerabilidad de almacenamiento de contrase\u00f1as en formato recuperable en los almacenes de contrase\u00f1as compartidos que puede resultar en que todas las contrase\u00f1as se pueden recuperar del lado del servidor. Este ataque parece ser explotable mediante una vulnerabilidad que puede omitir la autenticaci\u00f3n o la asignaci\u00f3n de roles y puede conducir al filtrado de las contrase\u00f1as compartidas."
}
],
"id": "CVE-2019-1000001",
"lastModified": "2024-11-21T04:17:38.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-04T21:29:00.643",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nilsteampassnet/TeamPass/issues/2495"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}