Shodan
Vulnerabilities
Vulnerable Software
Teampass:  >> Teampass  >> 2.1.27.36  Security Vulnerabilities
CVE-2023-1463
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-03-17
CVE-2023-1070
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-02-27
CVE-2020-11671
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.
CVSS Score
8.1
EPSS Score
0.003
Published
2020-05-04
CVE-2020-12477
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-04-29
CVE-2020-12478
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
CVSS Score
7.5
EPSS Score
0.338
Published
2020-04-29
CVE-2020-12479
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
CVSS Score
8.8
EPSS Score
0.024
Published
2020-04-29
CVE-2019-17204
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-10-05
CVE-2019-17205
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-05
CVE-2019-17203
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-10-05
CVE-2019-16904
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved