Vulnerabilities > Teampass
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-04 | CVE-2020-11671 | Improper Privilege Management vulnerability in Teampass Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. | 5.8 |
| 2020-04-29 | CVE-2020-12479 | Path Traversal vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | 6.5 |
| 2020-04-29 | CVE-2020-12478 | Injection vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. | 5.0 |
| 2020-04-29 | CVE-2020-12477 | Information Exposure vulnerability in Teampass 2.1.27.36 The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | 5.0 |
| 2019-10-05 | CVE-2019-17205 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. | 4.3 |
| 2019-10-05 | CVE-2019-17204 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | 3.5 |
| 2019-10-05 | CVE-2019-17203 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | 3.5 |
| 2019-09-26 | CVE-2019-16904 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. | 3.5 |
| 2019-08-06 | CVE-2019-12950 | Cross-site Scripting vulnerability in Teampass 2.1.27.35 An issue was discovered in TeamPass 2.1.27.35. | 3.5 |
| 2019-02-04 | CVE-2019-1000001 | Insufficiently Protected Credentials vulnerability in Teampass TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. | 5.0 |