PT-2020-13137 · Teampass · Teampass

Bstapes

Published

2020-04-29

Updated

2022-05-24

CVE-2020-12478

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions TeamPass version 2.1.27.36

Description The issue allows an unauthenticated attacker to retrieve files from the TeamPass web root, potentially including backups or LDAP debug files.

Recommendations For TeamPass version 2.1.27.36, restrict access to sensitive files in the web root to prevent unauthorized retrieval. As a temporary workaround, consider restricting access to the TeamPass web root until a patch is available. Avoid storing sensitive information, such as backups or LDAP debug files, in the TeamPass web root to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-12478

GHSA-83H6-22CP-F22W

Affected Products

Teampass

PT-2020-13137 · Teampass · Teampass

CVE-2020-12478

Weakness Enumeration

Related Identifiers

Affected Products

References · 6