GHSA-q9qr-h33g-fw3j

Suggest an improvement
Source
https://github.com/advisories/GHSA-q9qr-h33g-fw3j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q9qr-h33g-fw3j/GHSA-q9qr-h33g-fw3j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q9qr-h33g-fw3j
Aliases
Published
2022-05-13T01:21:42Z
Modified
2024-04-24T22:43:39.808492Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
TeamPass Storing Passwords in a Recoverable Format vulnerability
Details

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.

Database specific 
{
    "nvd_published_at": "2019-02-04T21:29:00Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T22:28:45Z"
}
References

Affected packages

Packagist / nilsteampassnet/teampass

Package

Name
nilsteampassnet/teampass
Purl
pkg:composer/nilsteampassnet/teampass

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.1.27

Affected versions

2.*

2.1.21
2.1.26
2.1.27