Vulnerabilities > Teampass
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-04 | CVE-2020-11671 | Missing Authorization vulnerability in Teampass Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. | 8.1 |
2020-04-29 | CVE-2020-12479 | Path Traversal vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | 8.8 |
2020-04-29 | CVE-2020-12478 | Missing Authentication for Critical Function vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. | 7.5 |
2020-04-29 | CVE-2020-12477 | Incorrect Authorization vulnerability in Teampass 2.1.27.36 The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | 7.5 |
2019-10-05 | CVE-2019-17205 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. | 6.1 |
2019-10-05 | CVE-2019-17204 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | 5.4 |
2019-10-05 | CVE-2019-17203 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | 5.4 |
2019-09-26 | CVE-2019-16904 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. | 5.4 |
2019-08-06 | CVE-2019-12950 | Cross-site Scripting vulnerability in Teampass 2.1.27.35 An issue was discovered in TeamPass 2.1.27.35. | 5.4 |
2019-02-04 | CVE-2019-1000001 | Insufficiently Protected Credentials vulnerability in Teampass TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. | 9.8 |