Count: 3

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2017-15053 TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php. | CVSS3: 4.9 | 0% Low | almost 8 years ago |
CVE-2017-15053 TeamPass before 2.1.27.9 does not properly enforce manager access cont ... | CVSS3: 4.9 | 0% Low | almost 8 years ago |
GHSA-xvjf-394g-phrr TeamPass Improper Privilege Management | CVSS3: 4.9 | 0% Low | more than 3 years ago |