Vulnerability Details CVE-2020-11671
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.8
Products affected by CVE-2020-11671
- cpe:2.3:a:teampass:teampass:2.1
- cpe:2.3:a:teampass:teampass:2.1.1
- cpe:2.3:a:teampass:teampass:2.1.10
- cpe:2.3:a:teampass:teampass:2.1.13
- cpe:2.3:a:teampass:teampass:2.1.14
- cpe:2.3:a:teampass:teampass:2.1.15
- cpe:2.3:a:teampass:teampass:2.1.18
- cpe:2.3:a:teampass:teampass:2.1.19
- cpe:2.3:a:teampass:teampass:2.1.2
- cpe:2.3:a:teampass:teampass:2.1.20
- cpe:2.3:a:teampass:teampass:2.1.21
- cpe:2.3:a:teampass:teampass:2.1.22
- cpe:2.3:a:teampass:teampass:2.1.23.1
- cpe:2.3:a:teampass:teampass:2.1.23.2
- cpe:2.3:a:teampass:teampass:2.1.23.3
- cpe:2.3:a:teampass:teampass:2.1.23.4
- cpe:2.3:a:teampass:teampass:2.1.24.0
- cpe:2.3:a:teampass:teampass:2.1.24.1
- cpe:2.3:a:teampass:teampass:2.1.24.2
- cpe:2.3:a:teampass:teampass:2.1.24.3
- cpe:2.3:a:teampass:teampass:2.1.24.4
- cpe:2.3:a:teampass:teampass:2.1.25.0
- cpe:2.3:a:teampass:teampass:2.1.25.1
- cpe:2.3:a:teampass:teampass:2.1.25.2
- cpe:2.3:a:teampass:teampass:2.1.26
- cpe:2.3:a:teampass:teampass:2.1.26.0
- cpe:2.3:a:teampass:teampass:2.1.26.1
- cpe:2.3:a:teampass:teampass:2.1.26.10
- cpe:2.3:a:teampass:teampass:2.1.26.11
- cpe:2.3:a:teampass:teampass:2.1.26.12
- cpe:2.3:a:teampass:teampass:2.1.26.13
- cpe:2.3:a:teampass:teampass:2.1.26.14
- cpe:2.3:a:teampass:teampass:2.1.26.15
- cpe:2.3:a:teampass:teampass:2.1.26.16
- cpe:2.3:a:teampass:teampass:2.1.26.17
- cpe:2.3:a:teampass:teampass:2.1.26.18
- cpe:2.3:a:teampass:teampass:2.1.26.19
- cpe:2.3:a:teampass:teampass:2.1.26.2
- cpe:2.3:a:teampass:teampass:2.1.26.20
- cpe:2.3:a:teampass:teampass:2.1.26.3
- cpe:2.3:a:teampass:teampass:2.1.26.4
- cpe:2.3:a:teampass:teampass:2.1.26.5
- cpe:2.3:a:teampass:teampass:2.1.26.6
- cpe:2.3:a:teampass:teampass:2.1.26.7
- cpe:2.3:a:teampass:teampass:2.1.26.8
- cpe:2.3:a:teampass:teampass:2.1.26.9
- cpe:2.3:a:teampass:teampass:2.1.27.0
- cpe:2.3:a:teampass:teampass:2.1.27.1
- cpe:2.3:a:teampass:teampass:2.1.27.10
- cpe:2.3:a:teampass:teampass:2.1.27.2
- cpe:2.3:a:teampass:teampass:2.1.27.21
- cpe:2.3:a:teampass:teampass:2.1.27.22
- cpe:2.3:a:teampass:teampass:2.1.27.23
- cpe:2.3:a:teampass:teampass:2.1.27.24
- cpe:2.3:a:teampass:teampass:2.1.27.25
- cpe:2.3:a:teampass:teampass:2.1.27.26
- cpe:2.3:a:teampass:teampass:2.1.27.27
- cpe:2.3:a:teampass:teampass:2.1.27.28
- cpe:2.3:a:teampass:teampass:2.1.27.29
- cpe:2.3:a:teampass:teampass:2.1.27.3
- cpe:2.3:a:teampass:teampass:2.1.27.30
- cpe:2.3:a:teampass:teampass:2.1.27.31
- cpe:2.3:a:teampass:teampass:2.1.27.32
- cpe:2.3:a:teampass:teampass:2.1.27.33
- cpe:2.3:a:teampass:teampass:2.1.27.34
- cpe:2.3:a:teampass:teampass:2.1.27.35
- cpe:2.3:a:teampass:teampass:2.1.27.36
- cpe:2.3:a:teampass:teampass:2.1.27.4
- cpe:2.3:a:teampass:teampass:2.1.27.5
- cpe:2.3:a:teampass:teampass:2.1.27.6
- cpe:2.3:a:teampass:teampass:2.1.27.7
- cpe:2.3:a:teampass:teampass:2.1.27.8
- cpe:2.3:a:teampass:teampass:2.1.27.9
- cpe:2.3:a:teampass:teampass:2.1.3
- cpe:2.3:a:teampass:teampass:2.1.4
- cpe:2.3:a:teampass:teampass:2.1.5