Vulnerabilities > Peppermint > Peppermint > 0.2.2

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-46863 Path Traversal vulnerability in Peppermint
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
network
low complexity
peppermint CWE-22
7.5
7.5
2023-10-30 CVE-2023-46864 Path Traversal vulnerability in Peppermint
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.
network
low complexity
peppermint CWE-22
5.3
5.3
2023-09-18 CVE-2023-42328 Use of Hard-coded Credentials vulnerability in Peppermint
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
network
low complexity
peppermint CWE-798
8.8
8.8