Vulnerabilities > Peppermint

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-46863 Path Traversal vulnerability in Peppermint
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
network
low complexity
peppermint CWE-22
7.5
2023-10-30 CVE-2023-46864 Path Traversal vulnerability in Peppermint
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.
network
low complexity
peppermint CWE-22
5.3
2023-09-18 CVE-2023-42328 Use of Hard-coded Credentials vulnerability in Peppermint
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
network
low complexity
peppermint CWE-798
8.8
2023-03-29 CVE-2023-26984 Authorization Bypass Through User-Controlled Key vulnerability in Peppermint 0.2.4
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.
network
low complexity
peppermint CWE-639
8.1