Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03Z2htLTZwNDItaDIyNs4AASGt

High EPSS: 0.00341% (0.56179 Percentile) EPSS:
Permalink JSON

TeamPass Improper Privilege Management

Affected Packages Affected Versions Fixed Versions
packagist:nilsteampassnet/teampass < 2.1.27.9 2.1.27.9
0 Dependent packages
4 Dependent repositories
28 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

2.1.21, 2.1.26, 2.1.27, 3.0.0, 3.0.10, 3.1.0, 3.1.1

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php.

References:

Identifiers

GHSA-7ghm-6p42-h226

CVE-2017-15055

Risk

Severity

High

EPSS

EPSS Percentage: 0.00341

EPSS Percentile: 0.56179

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/nilsteampassnet/TeamPass

Date and time

Published

about 3 years ago

Updated

over 1 year ago

API

JSON