CVE-2020-12477

Опубликовано: 29 апр. 2020

Источник: debian

Описание

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
teampass	itp			package

Связанные уязвимости

CVE-2020-12477

CVSS3: 7.5

nvd

почти 6 лет назад

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.

GHSA-fv48-hjhp-94c7

CVSS3: 7.5

github

больше 4 лет назад

Incorrect Authorization in TeamPass