CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1000001
https://notcve.org/view.php?id=CVE-2019-1000001
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage. TeamPass, en versiones 2.1.27 y anteriores, contiene una vulnerabilidad de almacenamiento de contraseñas en formato recuperable en los almacenes de contraseñas compartidos que puede resultar en que todas las contraseñas se pueden recuperar del lado del servidor. Este ataque parece ser explotable mediante una vulnerabilidad que puede omitir la autenticación o la asignación de roles y puede conducir al filtrado de las contraseñas compartidas. • https://github.com/nilsteampassnet/TeamPass/issues/2495 • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15052
https://notcve.org/view.php?id=CVE-2017-15052
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_user" on users.queries.php. Las versiones anteriores a la 2.1.27.9 de TeamPass no aplican correctamente el control de acceso de managers al solicitar users.queries.php. En ese caso, es posible que un usuario manager elimine un usuario arbitrario (incluyendo a un administrador) o que modifique atributos de cualquier usuario arbitrario excepto un administrador. • http://blog.amossys.fr/teampass-multiple-cve-01.html https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1 • CWE-269: Improper Privilege Management •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15053
https://notcve.org/view.php?id=CVE-2017-15053
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php. Las versiones anteriores a la 2.1.27.9 de TeamPass no aplican correctamente el control de acceso de managers al solicitar roles.queries.php. Es posible para un usuario manager modificar o eliminar cualquier rol arbitrario en la aplicación.. • http://blog.amossys.fr/teampass-multiple-cve-01.html https://github.com/nilsteampassnet/TeamPass/commit/ef32e9c28b6ddc33cee8a25255bc8da54434af3e • CWE-269: Improper Privilege Management •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15055
https://notcve.org/view.php?id=CVE-2017-15055
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php. Las versiones anteriores a la 2.1.27.9 de TeamPass no aplican correctamente el control de acceso de elementos al solicitar items.queries.php. Es posible copiar cualquier elemento arbitrario en un directorio controlado por el atacante, editar cualquier elemento en un directorio de solo lectura, eliminar un elemento arbitrario, eliminar los archivos adjuntos de un elemento arbitrario, copiar la contraseña de un elemento arbitrario en el búfer copy/paste, acceder al historial de un elemento arbitrario y editar los atributos de un directorio arbitrario. • http://blog.amossys.fr/teampass-multiple-cve-01.html https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f • CWE-269: Improper Privilege Management •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15051
https://notcve.org/view.php?id=CVE-2017-15051
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed. • http://blog.amossys.fr/teampass-multiple-cve-01.html https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •