Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.
{"id": "GHSA-GMR7-M73X-6C9Q", "vendorId": null, "type": "github", "bulletinFamily": "software", "title": "Missing Authorization in TeamPass", "description": "Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.", "published": "2021-07-26T21:22:13", "modified": "2023-02-01T05:06:01", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.2}, "href": "https://github.com/advisories/GHSA-gmr7-m73x-6c9q", "reporter": "GitHub Advisory Database", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2020-11671", "https://github.com/nilsteampassnet/TeamPass/issues/2765", "https://github.com/advisories/GHSA-gmr7-m73x-6c9q"], "cvelist": ["CVE-2020-11671"], "immutableFields": [], "lastseen": "2023-02-01T05:08:03", "viewCount": 34, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-11671"]}, {"type": 
"openvas", "idList": ["OPENVAS:1361412562310142722"]}, {"type": "osv", "idList": ["OSV:GHSA-GMR7-M73X-6C9Q"]}, {"type": "veracode", "idList": ["VERACODE:25168"]}]}, "score": {"value": 4.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-11671"]}, {"type": "kitploit", "idList": ["KITPLOIT:3449843613571411531"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142722"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "nilsteampassnet/teampass", "version": 2}]}, "epss": [{"cve": "CVE-2020-11671", "epss": "0.000760000", "percentile": "0.306830000", "modified": "2023-03-19"}], "vulnersScore": 4.0}, "_state": {"dependencies": 1675228188, "score": 1675228295, "affected_software_major_version": 1675229835, "epss": 1679323282}, "_internal": {"score_hash": "dbcde0df4a3b7a04a2ab7dde8fbe7f0b"}, "affectedSoftware": [{"version": "2.1.27.36", "operator": "le", "ecosystem": "COMPOSER", "name": "nilsteampassnet/teampass"}]}
{"cve": [{"lastseen": "2023-02-09T14:59:57", "description": "Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-05-04T14:15:00", "type": "cve", "title": "CVE-2020-11671", "cwe": ["CWE-862"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11671"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:teampass:teampass:2.1.27.36"], "id": "CVE-2020-11671", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11671", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2022-07-27T10:18:59", "description": "TeamPass has missing API authorization checks. The application does not properly enforce authorization controls in REST API functions, allowing any user with a valid token to act as administrator and to modify another user's passwords using authenticated api/index.php REST API calls.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-05-05T09:51:53", "type": "veracode", "title": "Missing API Authorization Checks ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11671"], "modified": "2020-11-30T03:55:23", "id": "VERACODE:25168", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25168/summary", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "osv": [{"lastseen": "2023-03-28T05:50:54", "description": "Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-07-26T21:22:13", "type": "osv", "title": "Missing Authorization in TeamPass", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11671"], "modified": "2023-03-28T05:50:40", "id": "OSV:GHSA-GMR7-M73X-6C9Q", "href": "https://osv.dev/vulnerability/GHSA-gmr7-m73x-6c9q", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "openvas": [{"lastseen": "2020-05-18T15:42:43", "description": "TeamPass is prone to multiple cross-site scripting vulnerabilities.", "cvss3": {}, "published": "2019-08-09T00:00:00", "type": "openvas", "title": "TeamPass <= 2.1.27.36 Multiple XSS Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12950", "CVE-2019-17203", "CVE-2020-12479", "CVE-2020-11671", "CVE-2020-12478", "CVE-2019-16904", "CVE-2019-17205", "CVE-2020-12477", "CVE-2019-17204"], "modified": "2020-05-14T00:00:00", "id": "OPENVAS:1361412562310142722", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142722", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:teampass:teampass\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142722\");\n script_version(\"2020-05-14T09:33:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-14 09:33:44 +0000 (Thu, 14 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-08-09 05:35:24 +0000 (Fri, 09 Aug 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2019-12950\", \"CVE-2019-16904\", \"CVE-2019-17203\", \"CVE-2019-17204\", \"CVE-2019-17205\",\n \"CVE-2020-11671\", \"CVE-2020-12477\", \"CVE-2020-12478\", \"CVE-2020-12479\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"NoneAvailable\");\n\n script_name(\"TeamPass <= 2.1.27.36 Multiple XSS Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_teampass_detect.nasl\");\n script_mandatory_keys(\"teampass/installed\");\n\n script_tag(name:\"summary\", value:\"TeamPass is prone to multiple cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"These vulnerabilities exist:\n\n - From the sources/items.queries.php 'Import items' feature, it is possible to\n load a crafted CSV file with an XSS payload. (CVE-2019-12950)\n\n - Setting a crafted password for an item in a common available folder or sharing\n the item with an admin allows stored XSS. (CVE-2019-16904)\n\n - Setting a crafted password for an item in any folder allows stored\n XSS. (CVE-2019-17203)\n\n - Setting a crafted Knowledge Base label and adding any available item\n allows stored XSS. (CVE-2019-17204)\n\n - Placing a payload in the username field during a login attempt allows\n stored XSS. When an administrator looks at the log of failed logins,\n the XSS payload will be executed. (CVE-2019-17205)\n\n - Lack of authorization controls in REST API functions allows any TeamPass user with a valid API token to become\n a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. (CVE-2020-11671)\n\n - The REST API functions allow any user with a valid API token to bypass IP address whitelist restrictions via\n an X-Forwarded-For client HTTP header to the getIp function. (CVE-2020-12477)\n\n - Unauthenticated attackers may retrieve files from the TeamPass web root. This may include backups or LDAP\n debug files. (CVE-2020-12478)\n\n - Any authenticated TeamPass user may trigger a PHP file include vulnerability via a crafted HTTP request with\n sources/users.queries.php newValue directory traversal. (CVE-2020-12479)\");\n\n script_tag(name:\"affected\", value:\"TeamPass version 2.1.27.36 and probably prior.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"No known solution is available as of 06th May, 2019.\n Information regarding this issue will be updated once solution details are available.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/nilsteampassnet/TeamPass/issues/2638\");\n script_xref(name:\"URL\", value:\"https://github.com/nilsteampassnet/TeamPass/issues/2685\");\n script_xref(name:\"URL\", value:\"https://github.com/nilsteampassnet/TeamPass/issues/2689\");\n script_xref(name:\"URL\", value:\"https://github.com/nilsteampassnet/TeamPass/issues/2690\");\n script_xref(name:\"URL\", value:\"https://github.com/nilsteampassnet/TeamPass/issues/2688\");\n script_xref(name:\"URL\", value:\"https://github.com/nilsteampassnet/TeamPass/issues/2765\");\n script_xref(name:\"URL\", value:\"https://github.com/nilsteampassnet/TeamPass/issues/2761\");\n script_xref(name:\"URL\", value:\"https://github.com/nilsteampassnet/TeamPass/issues/2764\");\n script_xref(name:\"URL\", value:\"https://github.com/nilsteampassnet/TeamPass/issues/2762\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\npath = infos[\"location\"];\n\nif (version_is_less_equal(version: version, test_version: \"2.1.27.36\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"None\", install_path: path);\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}