CVE-2020-11671: Improper Privilege Management

May 4, 2020 (updated July 21, 2021)

Lack of authorization controls in REST API functions in TeamPass allows any TeamPass user with a valid API token to become a TeamPass administrator and read or modify all passwords via authenticated api/index.php REST API calls.

References

github.com/nilsteampassnet/TeamPass/issues/2765
nvd.nist.gov/vuln/detail/CVE-2020-11671

Code Behaviors & Features

Detect and mitigate CVE-2020-11671 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →