CVE-2020-12478 – nilsteampassnet/teampass

Package

Manager: composer
Name: nilsteampassnet/teampass
Vulnerable Version: =2.1.27.36

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.27795 pctl0.96281

Details

TeamPass files are available without authentication TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.

Metadata

Created: 2022-05-24T17:16:59Z
Modified: 2024-04-24T22:28:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-83h6-22cp-f22w/GHSA-83h6-22cp-f22w.json
CWE IDs: ["CWE-306"]
Alternative ID: GHSA-83h6-22cp-f22w
Finding: F006
Auto approve: 1