Описание
Incorrect Authorization in TeamPass
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
Пакеты
Наименование
nilsteampassnet/teampass
composer
Затронутые версииВерсия исправления
<= 2.1.27.36
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
почти 6 лет назад
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
CVSS3: 7.5
debian
почти 6 лет назад
The REST API functions in TeamPass 2.1.27.36 allow any user with a val ...