Multiple vulnerabilities in TeamPass
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-12479 CVE-2020-12477 CVE-2020-12478 |
| CWE-ID | CWE-22 CWE-287 CWE-74 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
TeamPass Client/Desktop applications / Other client software |
| Vendor | Nils Laumaillé |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Path traversal
EUVDB-ID: #VU27506
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-12479
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in "newValue" parameter in "sources/users.queries.php". A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsTeamPass: 2.1.27.36
CPE2.3 External linkshttps://github.com/nilsteampassnet/TeamPass/issues/2762
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU27507
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-12477
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests in the REST API functions. A remote authenticated attacker can bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the "getIp" function.
MitigationInstall update from vendor's website.
Vulnerable software versionsTeamPass: 2.1.27.36
CPE2.3 External linkshttps://github.com/nilsteampassnet/TeamPass/issues/2761
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Neutralization of Special Elements in Output Used by a Downstream Component
EUVDB-ID: #VU27505
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-12478
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper validation of input. A remote attacker can retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
MitigationInstall update from vendor's website.
Vulnerable software versionsTeamPass: 2.1.27.36
CPE2.3 External linkshttps://github.com/nilsteampassnet/TeamPass/issues/2764
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
