MidnightBSD

Advisories for teampass

CVE-2012-2234 MEDIUM

Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass 2.1.3
teampass teampass 2.1
teampass teampass 2.1.4
teampass teampass 2.1.2
teampass teampass *
teampass teampass 2.1.1
CVE-2014-3771 HIGH

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
teampass teampass 2.1.3
teampass teampass 2.1.13
teampass teampass 2.1.4
teampass teampass 2.1.5
teampass teampass 2.1.10
teampass teampass 2.1.14
teampass teampass 2.1.18
teampass teampass 2.1.19
teampass teampass 2.1
teampass teampass 2.1.15
teampass teampass 2.1.2
teampass teampass *
teampass teampass 2.1.1
CVE-2014-3772 HIGH

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
teampass teampass 2.1.3
teampass teampass 2.1.13
teampass teampass 2.1.4
teampass teampass 2.1.5
teampass teampass 2.1.10
teampass teampass 2.1.14
teampass teampass 2.1.18
teampass teampass 2.1.19
teampass teampass 2.1
teampass teampass 2.1.15
teampass teampass 2.1.2
teampass teampass *
teampass teampass 2.1.1
CVE-2014-3773 HIGH

Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
teampass teampass 2.1.3
teampass teampass 2.1.13
teampass teampass 2.1.4
teampass teampass 2.1.5
teampass teampass 2.1.10
teampass teampass 2.1.14
teampass teampass 2.1.18
teampass teampass 2.1.19
teampass teampass 2.1
teampass teampass 2.1.15
teampass teampass 2.1.2
teampass teampass *
teampass teampass 2.1.1
CVE-2014-3774 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass 2.1.3
teampass teampass 2.1.13
teampass teampass 2.1.4
teampass teampass 2.1.5
teampass teampass 2.1.10
teampass teampass 2.1.14
teampass teampass 2.1.18
teampass teampass 2.1.19
teampass teampass 2.1
teampass teampass 2.1.15
teampass teampass 2.1.2
teampass teampass *
teampass teampass 2.1.1
CVE-2015-7562 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2015-7563 MEDIUM

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2015-7564 HIGH

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2017-15051 LOW

Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2017-15052 MEDIUM

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_user" on users.queries.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2017-15053 MEDIUM

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2017-15054 MEDIUM

An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2017-15055 MEDIUM

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2017-15278 LOW

Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2017-9436 HIGH

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
teampass teampass 2.1.24.2
teampass teampass 2.1.24.3
teampass teampass 2.1.26.11
teampass teampass 2.1.26.17
teampass teampass 2.1.26.8
teampass teampass 2.1.20.0
teampass teampass 2.1.26.2
teampass teampass 2.1.27.3
teampass teampass 2.1.24.1
teampass teampass 2.1.26
teampass teampass 2.1.23.2
teampass teampass 2.1.26.12
teampass teampass 2.1.23.4
teampass teampass 2.1.26.1
teampass teampass 2.1.26.3
teampass teampass 2.1.26.7
teampass teampass 2.1.25.1
teampass teampass 2.1.26.9
teampass teampass 2.1.25.0
teampass teampass 2.1.26.0
teampass teampass 2.1.26.5
teampass teampass 2.1.26.15
teampass teampass 2.1.26.18
teampass teampass 2.1.22.0
teampass teampass 2.1.26.6
teampass teampass 2.1.26.10
teampass teampass 2.1.23.1
teampass teampass 2.1.26.16
teampass teampass 2.1.27.0
teampass teampass 2.1.23.3
teampass teampass 2.1.27.2
teampass teampass 2.1.26.14
teampass teampass 2.1.26.19
teampass teampass 2.1.24.0
teampass teampass 2.1.24.4
teampass teampass 2.1.26.4
teampass teampass 2.1.27.1
teampass teampass 2.1.25.2
teampass teampass 2.1.26.13
CVE-2019-1000001 MEDIUM

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2019-12950 LOW

An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass 2.1.27.35
CVE-2019-16904 LOW

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass 2.1.27.36
CVE-2019-17203 LOW

TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass 2.1.27.36
CVE-2019-17204 LOW

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass 2.1.27.36
CVE-2019-17205 MEDIUM

TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass 2.1.27.36
CVE-2020-11671 MEDIUM

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
teampass teampass *
CVE-2020-12477 MEDIUM

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
teampass teampass 2.1.27.36
CVE-2020-12478 MEDIUM

TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
teampass teampass 2.1.27.36
CVE-2020-12479 MEDIUM

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
teampass teampass 2.1.27.36
CVE-2022-26980 MEDIUM

Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
teampass teampass 2.1.26
CVE-2023-1070

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 2.8 4.2

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-1463

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-1545

SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-2021

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-2516

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-2591

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-2859

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3009

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3083

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3084

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3086

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3095

Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3190

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3191

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3531

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3551

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3552

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3553

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2023-3565

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Products Affected

Vendor Product Version
teampass teampass *
CVE-2024-50701

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
teampass teampass *
CVE-2024-50702

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
teampass teampass *
CVE-2024-50703

TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
teampass teampass *