Bstapes

**Name of the Vulnerable Software and Affected Versions** TeamPass versions 2.1.27.36 and earlier **Description** The issue is related to a lack of authorization controls in REST API functions. This allows any TeamPass user with a valid API token to become a TeamPass administrator and read or modify all passwords via authenticated "api/index.php" REST API calls. It's noted that the API is not available by default. **Recommendations** For TeamPass versions 2.1.27.36 and earlier, consider disabling the REST API until a patch is available to prevent exploitation. Restrict access to the "api/index.php" endpoint to minimize the risk of unauthorized password access. Avoid using the API with valid tokens until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TeamPass version 2.1.27.36 **Description** The issue allows any user with a valid API token to bypass IP address whitelist restrictions. This is achieved via an X-Forwarded-For client HTTP header to the `getIp` function. **Recommendations** For TeamPass version 2.1.27.36, consider restricting access to the `getIp` function until a patch is available. As a temporary workaround, avoid using the X-Forwarded-For client HTTP header in the REST API functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TeamPass version 2.1.27.36 **Description** The issue allows an unauthenticated attacker to retrieve files from the TeamPass web root, potentially including backups or LDAP debug files. **Recommendations** For TeamPass version 2.1.27.36, restrict access to sensitive files in the web root to prevent unauthorized retrieval. As a temporary workaround, consider restricting access to the TeamPass web root until a patch is available. Avoid storing sensitive information, such as backups or LDAP debug files, in the TeamPass web root to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TeamPass version 2.1.27.36 **Description** The issue allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with `sources/users.queries.php` using `newValue` directory traversal. **Recommendations** For TeamPass version 2.1.27.36, as a temporary workaround, consider restricting access to the `sources/users.queries.php` file until a patch is available. Avoid using the `newValue` parameter in the affected HTTP request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.