Lucene search

Veracode Vulnerability DatabaseVERACODE:41559

HistoryJul 23, 2023 - 9:50 p.m.

Improper Access Control

2023-07-2321:50:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

nilsteampassnet/teampass

improper access control

remote attacker

sensitive information

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

nilsteampassnet/teampass is vulnerable to Improper Access Control. A remote authenticated attacker is able to gain access to read the information of other users via guessing and editing the ID on the request, resulting in disclosure of sensitive information.

CPENameOperatorVersion
nilsteampassnet/teampassle3.0.0.11
nilsteampassnet/teampassle3.0.0.11

CPE	Name	Operator	Version
	nilsteampassnet/teampass	le	3.0.0.11
	nilsteampassnet/teampass	le	3.0.0.11

References

github.com/advisories/GHSA-g3jr-6vj4-3x82

github.com/nilsteampassnet/teampass/commit/774985f62f080715774604927fba2cb6ef701612

huntr.dev/bounties/35c899a9-40a0-4e17-bfb5-2a1430bc83c4/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for VERACODE:41559