Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03Z2htLTZwNDItaDIyNs4AASGt
TeamPass Improper Privilege Management
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php.
Permalink: https://github.com/advisories/GHSA-7ghm-6p42-h226
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03Z2htLTZwNDItaDIyNs4AASGt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 10 days ago
CVSS Score: 8.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Identifiers: GHSA-7ghm-6p42-h226, CVE-2017-15055
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-15055
- https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f
- http://blog.amossys.fr/teampass-multiple-cve-01.html
- https://github.com/advisories/GHSA-7ghm-6p42-h226
Blast Radius: 4.9
Affected Packages
packagist:nilsteampassnet/teampass
Dependent packages: 0
Dependent repositories: 4
Downloads: 23 total
Affected Version Ranges: < 2.1.27.9
Fixed in: 2.1.27.9
All affected versions:
All unaffected versions: 2.1.21, 2.1.26, 2.1.27, 3.0.0, 3.0.10, 3.1.0, 3.1.1