57 matches found
CVE-2023-46864
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 is affected by a directory-traversal flaw that allows remote attackers to read arbitrary files through a POST to /api/v1/users/file/download?filepath=./../. The issue concerns the file download API handling of the filepath parameter and is confirmed acros...
CVE-2023-46864
Peppermint Ticket Management vulnerability CVE-2023-46864 affects versions up to 0.2.4. The issue is a path traversal in the API endpoint /api/v1/ticket/1/file/download?filepath=../, allowing remote attackers to read arbitrary files. Root cause: the filepath parameter is not properly validated, e...
CVE-2023-46863
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request...
CVE-2023-42328
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie...
Peppermint Trust Management Issues Vulnerabilities
Peppermint is an open source ticket management system from Peppermint Labs. PeppermintLabs A security vulnerability exists in Peppermint v.0.2.4 and earlier versions, which originated from a vulnerability that allows remote attackers to obtain sensitive information and execute arbitrary code via ...
CVE-2023-42328
PeppermintLabs Peppermint v0.2.4 and earlier are affected by a vulnerability where a hardcoded session cookie allows a remote attacker to obtain sensitive information and execute arbitrary code. Root cause: hardcoded session cookie in Peppermint; impact is high (CVE-2023-42328, CVSS v3.1: AV:N/AC...
PT-2023-28317 · Peppermintlabs · Peppermint
Name of the Vulnerable Software and Affected Versions: PeppermintLabs Peppermint versions 0.2.4 and earlier Description: The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. Recommendations: For PeppermintLabs Peppermint...
CVE-2023-26984
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...
Design/Logic Flaw
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...
Peppermint 安全漏洞
Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint version v0.2.4. An attacker exploited the vulnerability to access emails and passwords via a specially crafted request...
PT-2023-20888 · Unknown · Peppermint
Name of the Vulnerable Software and Affected Versions: Peppermint version 0.2.4 Description: The issue concerns the password reset function, allowing attackers to access emails and passwords of the Tickets page through a crafted request. Recommendations: For Peppermint version 0.2.4, consider...
CVE-2023-26984
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...
CVE-2023-26984
Peppermint CVE-2023-26984 affects Peppermint v0.2.4, with a vulnerability in the password reset function that can let an attacker access emails and passwords on the Tickets page via a crafted request. Several connected sources confirm the issue and, in at least one report, exploitation has occurr...
CVE-2023-26984
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...
CVE-2023-26984
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request...
peppermintproperties.ca Cross Site Scripting vulnerability OBB-1248457
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...