CVE-2023-1463

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516	Patch
https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*

History

26 Apr 2023, 16:15

Type	Values Removed	Values Added
Summary	~~Improper Authorization in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.~~	Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

23 Mar 2023, 14:53

Type	Values Removed	Values Added
CWE	~~CWE-285~~	CWE-639
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4
CPE		cpe:2.3:a:teampass:teampass::::::::
References	~~(CONFIRM) https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6 -~~	(CONFIRM) https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6 - Exploit, Third Party Advisory
References	~~(MISC) https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516 -~~	(MISC) https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516 - Patch
First Time		Teampass Teampass teampass

17 Mar 2023, 12:59

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-17 12:15

Updated : 2023-12-10 14:48

NVD link : CVE-2023-1463

Mitre link : CVE-2023-1463

CVE.ORG link : CVE-2023-1463

JSON object : View

Products Affected

teampass

teampass

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

5.4 /10