Description
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.
References
- Exploit, Issue Tracking, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2.1.27.36
cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*
EPSS
Percentile: 53%
0.003
Low
CVSS3: 8.1 High
CVSS2: 5.8 Medium
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 8.1
debian
almost 6 years ago
Lack of authorization controls in REST API functions in TeamPass throu ...