Skip to main content

Teampass CVE-2015-7563

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2017-04-12 secalert@redhat.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 12, 2017 - 22:59 cve.org
HIGH 8.8

DescriptionCVE.org

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. Affected products include: Teampass.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2015-7564 CRITICAL POC
9.8 Apr 12

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL co

CVE-2023-3086 CRITICAL POC
9.0 Jun 03

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated critical severit

CVE-2023-2859 HIGH POC
8.8 May 24

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.8), this vulner

CVE-2020-12479 HIGH POC
8.8 Apr 29

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP

CVE-2023-3083 HIGH POC
8.7 Jun 03

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (C

CVE-2017-15055 HIGH POC
8.1 Nov 27

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. Rated high sev

CVE-2023-3084 HIGH POC
8.1 Jun 03

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (C

CVE-2020-11671 HIGH POC
8.1 May 04

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid

CVE-2017-15054 HIGH POC
7.5 Nov 27

An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload

CVE-2014-3773 HIGH POC
7.5 Aug 07

Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL command

CVE-2014-3772 HIGH POC
7.5 Aug 07

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a di

CVE-2014-3771 HIGH POC
7.5 Aug 07

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request

Share

CVE-2015-7563 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy