Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xOXFyLWgzM2ctZnczas4AAQE5
TeamPass Storing Passwords in a Recoverable Format vulnerability
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.
Permalink: https://github.com/advisories/GHSA-q9qr-h33g-fw3jJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xOXFyLWgzM2ctZnczas4AAQE5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 11 days ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-q9qr-h33g-fw3j, CVE-2019-1000001
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-1000001
- https://github.com/nilsteampassnet/TeamPass/issues/2495
- https://github.com/advisories/GHSA-q9qr-h33g-fw3j
Blast Radius: 5.9
Affected Packages
packagist:nilsteampassnet/teampass
Dependent packages: 0Dependent repositories: 4
Downloads: 23 total
Affected Version Ranges: <= 2.1.27
No known fixed version
All affected versions: 2.1.21, 2.1.26, 2.1.27