CVE-2017-15053
Vulnerability from cvelistv5
Published
2017-11-27 19:00
Modified
2024-08-05 19:42
Severity ?
Summary
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php.
References
cve@mitre.orghttp://blog.amossys.fr/teampass-multiple-cve-01.htmlExploit, Technical Description, Third Party Advisory
cve@mitre.orghttps://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3ePatch
af854a3a-2127-422b-91ae-364da2661108http://blog.amossys.fr/teampass-multiple-cve-01.htmlExploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3ePatch
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:42:22.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_role\" on roles.queries.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-27T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_role\" on roles.queries.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.amossys.fr/teampass-multiple-cve-01.html",
              "refsource": "MISC",
              "url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
            },
            {
              "name": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e",
              "refsource": "MISC",
              "url": "https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-15053",
    "datePublished": "2017-11-27T19:00:00",
    "dateReserved": "2017-10-06T00:00:00",
    "dateUpdated": "2024-08-05T19:42:22.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-15053\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-11-27T19:29:00.317\",\"lastModified\":\"2024-11-21T03:14:01.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \\\"id\\\" parameter when invoking \\\"delete_role\\\" on roles.queries.php.\"},{\"lang\":\"es\",\"value\":\"Las versiones anteriores a la 2.1.27.9 de TeamPass no aplican correctamente el control de acceso de managers al solicitar roles.queries.php. Es posible para un usuario manager modificar o eliminar cualquier rol arbitrario en la aplicaci\u00f3n.. Para explotar la vulnerabilidad, un atacante autenticado debe tener los derechos de manager de la aplicaci\u00f3n y alterar las peticiones enviadas directamente, por ejemplo cambiando el par\u00e1metro \\\"id\\\" al invocar \\\"delete_role\\\" en roles.queries.php.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1.27.9\",\"matchCriteriaId\":\"35D9C25C-1C7F-404B-B27E-00B1BC77A868\"}]}]}],\"references\":[{\"url\":\"http://blog.amossys.fr/teampass-multiple-cve-01.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://blog.amossys.fr/teampass-multiple-cve-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.