CVE-2020-12477

Опубликовано: 29 апр. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.

Ссылки

https://github.com/nilsteampassnet/TeamPass/issues/2761
Exploit
Third Party Advisory
https://github.com/nilsteampassnet/TeamPass/issues/2761
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00812

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

CVE-2020-12477

CVSS3: 7.5

debian

почти 6 лет назад

The REST API functions in TeamPass 2.1.27.36 allow any user with a val ...

GHSA-fv48-hjhp-94c7

CVSS3: 7.5

github

больше 4 лет назад

Incorrect Authorization in TeamPass

EPSS

Процентиль: 74%

0.00812

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-863