CVE-2020-12479

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-12479

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12479.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-12479

Aliases

GHSA-6jf9-8m34-96w5

Published

2020-04-29T22:15:12.827Z

Modified

2025-11-20T11:09:17.007434Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.

References

https://github.com/nilsteampassnet/TeamPass/issues/2762

Affected packages

Git / github.com/nilsteampassnet/teampass

Affected ranges

Type: GIT
Repo: https://github.com/nilsteampassnet/teampass
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e99658f697a35bde7733be23d29d0f40bb02b035

Affected versions

2.*

2.1

2.1.20

2.1.23.1

2.1.23.2

2.1.23.3

2.1.23.4

2.1.24.0

2.1.24.1

2.1.24.2

2.1.24.3

2.1.24.4

2.1.25.0

2.1.25.1

2.1.25.2

2.1.26

2.1.26-RC1

2.1.26-final

2.1.26-final-2

2.1.26-final-3

2.1.26.0

2.1.26.1

2.1.26.10

2.1.26.11

2.1.26.12

2.1.26.13

2.1.26.14

2.1.26.15

2.1.26.16

2.1.26.17

2.1.26.18

2.1.26.19

2.1.26.2

2.1.26.20

2.1.26.3

2.1.26.4

2.1.26.5

2.1.26.6

2.1.26.7

2.1.26.8

2.1.26.9

2.1.26_RC1

2.1.27.0

2.1.27.1

2.1.27.10

2.1.27.11

2.1.27.12

2.1.27.13

2.1.27.14

2.1.27.15

2.1.27.16

2.1.27.17

2.1.27.18

2.1.27.19

2.1.27.2

2.1.27.20

2.1.27.21

2.1.27.22

2.1.27.23

2.1.27.24

2.1.27.25

2.1.27.26

2.1.27.27

2.1.27.28

2.1.27.29

2.1.27.3

2.1.27.30

2.1.27.31

2.1.27.32

2.1.27.33

2.1.27.34

2.1.27.35

2.1.27.36

2.1.27.4

2.1.27.5

2.1.27.6

2.1.27.7

2.1.27.8

2.1.27.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12479.json"