SB2023053061 - Multiple vulnerabilities in TeamPass
Published: May 30, 2023 Updated: February 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Authorization bypass through user-controlled key (CVE-ID: CVE-2023-1463)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions. A remote attacker can log out any application user by manipulating the user identifier.
2) SQL injection (CVE-ID: CVE-2023-1545)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the "/authorize" endpoint. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
Remediation
Install update from vendor's website.
References
- https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6
- https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516
- https://huntr.dev/bounties/942c015f-7486-49b1-94ae-b1538d812bc2
- https://github.com/nilsteampassnet/teampass/commit/4780252fdb600ef2ec2758f17a37d738570cbe66