GHSA-5qr3-4839-88gf

Suggest an improvement
Source
https://github.com/advisories/GHSA-5qr3-4839-88gf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5qr3-4839-88gf/GHSA-5qr3-4839-88gf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5qr3-4839-88gf
Aliases
Published
2022-05-13T01:43:37Z
Modified
2024-04-24T22:43:39.276025Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
TeamPass Improper Privilege Management
Details

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_user" on users.queries.php.

References

Affected packages

Packagist / nilsteampassnet/teampass

Package

Name
nilsteampassnet/teampass
Purl
pkg:composer/nilsteampassnet/teampass

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27.9

Affected versions

2.*

2.1.21
2.1.26
2.1.27