cnvd - cnvd-2017-38332

cnvd-2017-38332

Vulnerability from cnvd

Title: TeamPass users.queries.php访问控制漏洞

Description:

TeamPass是一款专用于Apache、MySQL和PHP中的密码管理器。

TeamPass 2.1.27.9之前的版本中存在访问控制漏洞，该漏洞源于程序未能正确的强制执行管理员访问控制。攻击者可通过获取管理员权限，并篡改请求利用该漏洞删除任意用户（包括：管理员用户）或更改任意用户的属性（不包括：管理员用户）。

Severity: 中

Patch Name: TeamPass users.queries.php访问控制漏洞的补丁

Patch Description:

TeamPass是一款专用于Apache、MySQL和PHP中的密码管理器。

TeamPass 2.1.27.9之前的版本中存在访问控制漏洞，该漏洞源于程序未能正确的强制执行管理员访问控制。攻击者可通过获取管理员权限，并篡改请求利用该漏洞删除任意用户（包括：管理员用户）或更改任意用户的属性（不包括：管理员用户）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-15052

Impacted products

Name
TeamPass TeamPass <2.1.27.9

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-15052"
    }
  },
  "description": "TeamPass\u662f\u4e00\u6b3e\u4e13\u7528\u4e8eApache\u3001MySQL\u548cPHP\u4e2d\u7684\u5bc6\u7801\u7ba1\u7406\u5668\u3002\r\n\r\nTeamPass 2.1.27.9\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5f3a\u5236\u6267\u884c\u7ba1\u7406\u5458\u8bbf\u95ee\u63a7\u5236\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u83b7\u53d6\u7ba1\u7406\u5458\u6743\u9650\uff0c\u5e76\u7be1\u6539\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u4efb\u610f\u7528\u6237\uff08\u5305\u62ec\uff1a\u7ba1\u7406\u5458\u7528\u6237\uff09\u6216\u66f4\u6539\u4efb\u610f\u7528\u6237\u7684\u5c5e\u6027\uff08\u4e0d\u5305\u62ec\uff1a\u7ba1\u7406\u5458\u7528\u6237\uff09\u3002",
  "discovererName": "Nicolas Zilio",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-38332",
  "openTime": "2017-12-28",
  "patchDescription": "TeamPass\u662f\u4e00\u6b3e\u4e13\u7528\u4e8eApache\u3001MySQL\u548cPHP\u4e2d\u7684\u5bc6\u7801\u7ba1\u7406\u5668\u3002\r\n\r\nTeamPass 2.1.27.9\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5f3a\u5236\u6267\u884c\u7ba1\u7406\u5458\u8bbf\u95ee\u63a7\u5236\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u83b7\u53d6\u7ba1\u7406\u5458\u6743\u9650\uff0c\u5e76\u7be1\u6539\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u4efb\u610f\u7528\u6237\uff08\u5305\u62ec\uff1a\u7ba1\u7406\u5458\u7528\u6237\uff09\u6216\u66f4\u6539\u4efb\u610f\u7528\u6237\u7684\u5c5e\u6027\uff08\u4e0d\u5305\u62ec\uff1a\u7ba1\u7406\u5458\u7528\u6237\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TeamPass users.queries.php\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "TeamPass TeamPass \u003c2.1.27.9"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15052",
  "serverity": "\u4e2d",
  "submitTime": "2017-11-28",
  "title": "TeamPass users.queries.php\u8bbf\u95ee\u63a7\u5236\u6f0f\u6d1e"
}

CVE-2017-15052 (GCVE-0-2017-15052)

Vulnerability from cvelistv5

Published

2017-11-27 19:00

Modified

2024-08-05 19:42

Severity ?

CWE

Summary

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_user" on users.queries.php.

References

▼	URL	Tags
	http://blog.amossys.fr/teampass-multiple-cve-01.html	x_refsource_MISC
	https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:42:22.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_user\" on users.queries.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-27T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15052",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the \"id\" parameter when invoking \"delete_user\" on users.queries.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blog.amossys.fr/teampass-multiple-cve-01.html",
              "refsource": "MISC",
              "url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
            },
            {
              "name": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1",
              "refsource": "MISC",
              "url": "https://github.com/nilsteampassnet/TeamPass/commit/8f2d51dd6c24f76e4f259d0df22cff9b275f2dd1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-15052",
    "datePublished": "2017-11-27T19:00:00",
    "dateReserved": "2017-10-06T00:00:00",
    "dateUpdated": "2024-08-05T19:42:22.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted