GHSA-83h6-22cp-f22w

Suggest an improvement
Source
https://github.com/advisories/GHSA-83h6-22cp-f22w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-83h6-22cp-f22w/GHSA-83h6-22cp-f22w.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-83h6-22cp-f22w
Aliases
Published
2022-05-24T17:16:59Z
Modified
2024-04-24T22:41:56.881922Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
TeamPass files are available without authentication
Details

TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.

Database specific 
{
    "nvd_published_at": "2020-04-29T22:15:00Z",
    "cwe_ids": [
        "CWE-306"
    ],
    "github_reviewed_at": "2024-04-24T22:28:12Z",
    "severity": "HIGH",
    "github_reviewed": true
}
References

Affected packages

Packagist / nilsteampassnet/teampass

Package

Name
nilsteampassnet/teampass
Purl
pkg:composer/nilsteampassnet/teampass

Affected ranges

Affected versions

2.*
2.1.27.36

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-83h6-22cp-f22w/GHSA-83h6-22cp-f22w.json"