Count: 3
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2017-15053 TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php. | CVSS3: 4.9 | 0% (Low) | more than 8 years ago |
| CVE-2017-15053 TeamPass before 2.1.27.9 does not properly enforce manager access cont ... | CVSS3: 4.9 | 0% (Low) | more than 8 years ago |
| GHSA-xvjf-394g-phrr TeamPass Improper Privilege Management | CVSS3: 4.9 | 0% (Low) | almost 4 years ago |