Peppermint: Security Vulnerabilities
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-30
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-10-30
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
CVSS Score
8.8
EPSS Score
0.055
Published
2023-09-18
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.
CVSS Score
8.1
EPSS Score
0.009
Published
2023-03-29