16 matches found
EUVD-2023-51030
Malicious code in bioql PyPI...
CVE-2023-46864
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...
CVE-2024-31525
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client side. This can result...
CVE-2024-31525
Peppermint Ticket Management 0.4.6 is affected by an Incorrect Access Control vulnerability. A regular registered user can elevate privileges to administrator because the authorization check is performed on the client side and not validated server-side. This can result in actions like creating a ...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...
CVE-2023-46864
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...
Peppermint Security Vulnerabilities
Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint Ticket Management versions prior to 0.2.4. A remote attacker could exploit this vulnerability by passing a /api/v1/users/file/download?filepath=./../ POST request to read...
Peppermint Security Vulnerabilities
Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint Ticket Management version 0.2.4 and earlier versions. A remote attacker can exploit this vulnerability to read an arbitrary file via a...
PT-2023-30248 · Unknown · Peppermint Ticket Management
Name of the Vulnerable Software and Affected Versions: Peppermint Ticket Management versions 0.2.4 and earlier Description: The issue allows remote attackers to read arbitrary files via a "/api/v1/ticket/1/file/download?filepath=../" POST request. This is achieved by exploiting the filepath...
PT-2023-30247 · Unknown · Peppermint Ticket Management
Name of the Vulnerable Software and Affected Versions: Peppermint Ticket Management versions prior to 0.2.4 Description: The issue allows remote attackers to read arbitrary files via a "/api/v1/users/file/download?filepath=./../" POST request. This is a significant security concern as it...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 is affected by a directory-traversal flaw that allows remote attackers to read arbitrary files through a POST to /api/v1/users/file/download?filepath=./../. The issue concerns the file download API handling of the filepath parameter and is confirmed acros...
CVE-2023-46864
Peppermint Ticket Management vulnerability CVE-2023-46864 affects versions up to 0.2.4. The issue is a path traversal in the API endpoint /api/v1/ticket/1/file/download?filepath=../, allowing remote attackers to read arbitrary files. Root cause: the filepath parameter is not properly validated, e...