CVE-2023-2859

Name of the Vulnerable Software and Affected Versions teampass versions prior to 3.0.9

Description The issue is related to code injection in the GitHub repository nilsteampassnet/teampass. A malicious user could rename a folder with a payload containing malicious code, potentially executing it when an admin interacts with the folder. This could lead to unauthorized access, sensitive information theft, or redirection to a malicious website.

Recommendations For versions prior to 3.0.9, update to version 3.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to folder editing functionality to minimize the risk of exploitation. Avoid interacting with suspiciously named folders until the issue is resolved.