Lucene search
K

57 matches found

OSV
OSV
added 2023/10/29 12:0 a.m.18 views

CVE-2023-46864

Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request...

5.3CVSS7.2AI score0.00658EPSS
Exploits1References3
CVE
CVE
added 2023/10/29 12:0 a.m.58 views

CVE-2023-46863

Peppermint Ticket Management before 0.2.4 is affected by a directory-traversal flaw that allows remote attackers to read arbitrary files through a POST to /api/v1/users/file/download?filepath=./../. The issue concerns the file download API handling of the filepath parameter and is confirmed acros...

7.5CVSS7.4AI score0.0085EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/10/29 12:0 a.m.54 views

CVE-2023-46864

Peppermint Ticket Management vulnerability CVE-2023-46864 affects versions up to 0.2.4. The issue is a path traversal in the API endpoint /api/v1/ticket/1/file/download?filepath=../, allowing remote attackers to read arbitrary files. Root cause: the filepath parameter is not properly validated, e...

5.3CVSS5.2AI score0.00658EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/10/29 12:0 a.m.16 views

CVE-2023-46863

Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...

7.6AI score0.0085EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/09/18 4:15 p.m.4 views

CVE-2023-42328

An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie...

8.8CVSS6.1AI score0.0116EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/18 12:0 a.m.4 views

Peppermint Trust Management Issues Vulnerabilities

Peppermint is an open source ticket management system from Peppermint Labs. PeppermintLabs A security vulnerability exists in Peppermint v.0.2.4 and earlier versions, which originated from a vulnerability that allows remote attackers to obtain sensitive information and execute arbitrary code via ...

8.8CVSS7.4AI score0.0116EPSS
Exploits1References5
CVE
CVE
added 2023/09/18 12:0 a.m.2537 views

CVE-2023-42328

PeppermintLabs Peppermint v0.2.4 and earlier are affected by a vulnerability where a hardcoded session cookie allows a remote attacker to obtain sensitive information and execute arbitrary code. Root cause: hardcoded session cookie in Peppermint; impact is high (CVE-2023-42328, CVSS v3.1: AV:N/AC...

8.8CVSS8.7AI score0.0116EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/18 12:0 a.m.4 views

PT-2023-28317 · Peppermintlabs · Peppermint

Name of the Vulnerable Software and Affected Versions: PeppermintLabs Peppermint versions 0.2.4 and earlier Description: The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. Recommendations: For PeppermintLabs Peppermint...

8.8CVSS8.6AI score0.0116EPSS
Exploits1References7
NVD
NVD
added 2023/03/29 6:15 p.m.25 views

CVE-2023-26984

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...

8.1CVSS8AI score0.00917EPSS
Exploits1References3
Prion
Prion
added 2023/03/29 6:15 p.m.19 views

Design/Logic Flaw

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...

5.5CVSS7.9AI score0.00917EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.3 views

Peppermint 安全漏洞

Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint version v0.2.4. An attacker exploited the vulnerability to access emails and passwords via a specially crafted request...

8.1CVSS7.8AI score0.00917EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/03/29 12:0 a.m.4 views

PT-2023-20888 · Unknown · Peppermint

Name of the Vulnerable Software and Affected Versions: Peppermint version 0.2.4 Description: The issue concerns the password reset function, allowing attackers to access emails and passwords of the Tickets page through a crafted request. Recommendations: For Peppermint version 0.2.4, consider...

8.1CVSS7.4AI score0.00917EPSS
Exploits1References6
Cvelist
Cvelist
added 2023/03/29 12:0 a.m.26 views

CVE-2023-26984

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...

8.2AI score0.00917EPSS
Exploits1References3
CVE
CVE
added 2023/03/29 12:0 a.m.56 views

CVE-2023-26984

Peppermint CVE-2023-26984 affects Peppermint v0.2.4, with a vulnerability in the password reset function that can let an attacker access emails and passwords on the Tickets page via a crafted request. Several connected sources confirm the issue and, in at least one report, exploitation has occurr...

8.1CVSS7.9AI score0.00917EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/29 12:0 a.m.7 views

CVE-2023-26984

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...

6.9AI score0.00917EPSS
Exploits1References3
OSV
OSV
added 2023/03/29 12:0 a.m.16 views

CVE-2023-26984

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...

8.1CVSS7.2AI score0.00917EPSS
Exploits1References5
Openbugbounty
Openbugbounty
added 2020/08/02 3:3 p.m.9 views

peppermintproperties.ca Cross Site Scripting vulnerability OBB-1248457

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Rows per page
Query Builder