Vulnerabilities > Teampass > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-29 | CVE-2020-12477 | Incorrect Authorization vulnerability in Teampass 2.1.27.36 The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | 7.5 |
| 2017-11-27 | CVE-2017-15055 | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. | 8.1 |
| 2017-11-27 | CVE-2017-15054 | Unrestricted Upload of File with Dangerous Type vulnerability in Teampass An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | 7.5 |
| 2017-04-12 | CVE-2015-7563 | Cross-Site Request Forgery (CSRF) vulnerability in Teampass Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. | 8.8 |