Skip to main content

Teampass CVE-2024-50703

HIGH
External Control of Assumed-Immutable Web Parameter (CWE-472)
2024-12-30 cve@mitre.org
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 30, 2024 - 15:15 nvd
HIGH 8.1

DescriptionNVD

TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id.

AnalysisAI

TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-472. TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. Affected products include: Teampass. Version information: before 3.1.3.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-7564 CRITICAL POC
9.8 Apr 12

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL co

CVE-2023-3086 CRITICAL POC
9.0 Jun 03

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated critical severit

CVE-2015-7563 HIGH POC
8.8 Apr 12

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the aut

CVE-2023-2859 HIGH POC
8.8 May 24

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.8), this vulner

CVE-2020-12479 HIGH POC
8.8 Apr 29

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP

CVE-2023-3083 HIGH POC
8.7 Jun 03

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (C

CVE-2017-15055 HIGH POC
8.1 Nov 27

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. Rated high sev

CVE-2023-3084 HIGH POC
8.1 Jun 03

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (C

CVE-2020-11671 HIGH POC
8.1 May 04

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid

CVE-2017-15054 HIGH POC
7.5 Nov 27

An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload

CVE-2014-3773 HIGH POC
7.5 Aug 07

Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL command

CVE-2014-3772 HIGH POC
7.5 Aug 07

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a di

Share

CVE-2024-50703 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy