Vulnerabilities > Teampass

DATE CVE VULNERABILITY TITLE RISK
2020-05-04 CVE-2020-11671 Missing Authorization vulnerability in Teampass
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls.
network
low complexity
teampass CWE-862
8.1
2020-04-29 CVE-2020-12479 Path Traversal vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
network
low complexity
teampass CWE-22
8.8
2020-04-29 CVE-2020-12478 Missing Authentication for Critical Function vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root.
network
low complexity
teampass CWE-306
7.5
2020-04-29 CVE-2020-12477 Incorrect Authorization vulnerability in Teampass 2.1.27.36
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
network
low complexity
teampass CWE-863
7.5
2019-10-05 CVE-2019-17205 Cross-site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt.
network
low complexity
teampass CWE-79
6.1
2019-10-05 CVE-2019-17204 Cross-site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
network
low complexity
teampass CWE-79
5.4
2019-10-05 CVE-2019-17203 Cross-site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
network
low complexity
teampass CWE-79
5.4
2019-09-26 CVE-2019-16904 Cross-site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin.
network
low complexity
teampass CWE-79
5.4
2019-08-06 CVE-2019-12950 Cross-site Scripting vulnerability in Teampass 2.1.27.35
An issue was discovered in TeamPass 2.1.27.35.
network
low complexity
teampass CWE-79
5.4
2019-02-04 CVE-2019-1000001 Insufficiently Protected Credentials vulnerability in Teampass
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side.
network
low complexity
teampass CWE-522
critical
9.8