PT-2017-13840 · Teampass · Teampass

Published: 2017-11-27 · Updated: 2022-05-13 · CVE-2017-15055

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 2.1.27.9
Description: The issue allows an authenticated attacker to bypass access control when requesting items.queries.php and perform various unauthorized actions: copying any item into a directory they control, editing items in read-only directories, deleting arbitrary items, deleting file attachments, accessing item history, and editing directory attributes. Exploitation requires tampering with requests, for example by modifying the item id parameter when invoking the copy item function on "items.queries.php".
Recommendations: For versions prior to 2.1.27.9, update to version 2.1.27.9 or later. As a temporary workaround, restrict access to the "items.queries.php" endpoint, limit the ability to invoke the copy item function to authorized users only, and restrict modifications to the item id parameter to prevent tampering.
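The fix for this class of bypass is a server-side authorization check that re-derives, from the session user, what the requested item and destination folder are and whether that user may touch them, instead of trusting the client-supplied item id. The following is an added example written here to illustrate that check; it is not TeamPass's own code, and the table names (items, folder_rights), column names and function names are hypothetical.

```php
<?php
// Added example, not TeamPass's code. Hypothetical schema:
//   items(id, id_tree)                        -- id_tree: folder that holds the item
//   folder_rights(user_id, folder_id, access) -- access is 'R' (read) or 'W' (write)
declare(strict_types=1);

function folderAccess(PDO $db, int $userId, int $folderId): ?string
{
    $stmt = $db->prepare('SELECT access FROM folder_rights WHERE user_id = :u AND folder_id = :f');
    $stmt->execute([':u' => $userId, ':f' => $folderId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['access'];
}

// True only when the session user can read the source item's folder AND write to the
// destination folder. Rights are resolved server-side from the user id, never taken
// from the request, so a tampered item id simply fails the check.
function mayCopyItem(PDO $db, int $userId, int $itemId, int $destFolderId): bool
{
    $stmt = $db->prepare('SELECT id_tree FROM items WHERE id = :id');
    $stmt->execute([':id' => $itemId]);
    $srcFolder = $stmt->fetchColumn();
    if ($srcFolder === false) {
        return false;                              // unknown item: deny
    }
    $src = folderAccess($db, $userId, (int) $srcFolder);
    $dst = folderAccess($db, $userId, $destFolderId);
    return in_array($src, ['R', 'W'], true) && $dst === 'W';
}

// Handler for the copy action: deny before any write happens and log the refusal.
function handleCopyItem(PDO $db, array $session, array $post): array
{
    $userId = (int) ($session['user_id'] ?? 0);
    $itemId = filter_var($post['item_id'] ?? null, FILTER_VALIDATE_INT);
    $dest   = filter_var($post['folder_id'] ?? null, FILTER_VALIDATE_INT);
    if ($userId === 0 || $itemId === false || $dest === false) {
        return ['error' => 'bad request'];
    }
    if (!mayCopyItem($db, $userId, $itemId, $dest)) {
        error_log("copy denied: user=$userId item=$itemId dest=$dest");   // audit trail
        return ['error' => 'not allowed'];
    }
    // ... perform the copy here ...
    return ['status' => 'ok'];
}
```

The same pattern (resolve the object, then check the session user's rights on it before acting) applies to the edit, delete, attachment, history and directory-attribute actions the description lists; logging denied requests gives defenders a signal for tampering attempts.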

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2017-15055, GHSA-7GHM-6P42-H226

Affected Products: Teampass