Peppermint: >> Peppermint >> 0.2.2 Security Vulnerabilities
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-30
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-10-30
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
CVSS Score
8.8
EPSS Score
0.055
Published
2023-09-18