Teampass: >> Teampass >> 2.1.27.35 Security Vulnerabilities
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-03-17
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-02-27
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.
CVSS Score
8.1
EPSS Score
0.003
Published
2020-05-04
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-06
Page 3