Vulnerabilities > Teampass

DATE CVE VULNERABILITY TITLE RISK
2020-05-04 CVE-2020-11671 Improper Privilege Management vulnerability in Teampass
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls.
network
teampass CWE-269
5.8
2020-04-29 CVE-2020-12479 Path Traversal vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
network
low complexity
teampass CWE-22
6.5
2020-04-29 CVE-2020-12478 Injection vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root.
network
low complexity
teampass CWE-74
5.0
2020-04-29 CVE-2020-12477 Information Exposure vulnerability in Teampass 2.1.27.36
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
network
low complexity
teampass CWE-200
5.0
2019-10-05 CVE-2019-17205 Cross-Site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt.
network
teampass CWE-79
4.3
2019-10-05 CVE-2019-17204 Cross-Site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
network
teampass CWE-79
3.5
2019-10-05 CVE-2019-17203 Cross-Site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
network
teampass CWE-79
3.5
2019-09-26 CVE-2019-16904 Cross-Site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin.
network
teampass CWE-79
3.5
2019-08-06 CVE-2019-12950 Cross-Site Scripting vulnerability in Teampass 2.1.27.35
An issue was discovered in TeamPass 2.1.27.35.
network
teampass CWE-79
3.5
2019-02-04 CVE-2019-1000001 Insufficiently Protected Credentials vulnerability in Teampass
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side.
network
low complexity
teampass CWE-522
5.0