CVE-2023-1070
Published 2023-02-27
CVE-2023-1070: External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
Priority P434 · high · 7.1 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
EPSS: 0.82% (52.7th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nilsteampassnet | nilsteampassnet_teampass | >= unspecified < 3.0.0.22 | 3.0.0.22 |
| nilsteampassnet | teampass | >= 0 < 3.0.0.23 | 3.0.0.23 |
| teampass | teampass | < 3.0.0.22 | 3.0.0.22 |
CVSS provenance
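| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |
| nvd | v3.0 | 7.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H |
| vendor_redhat | | 5.5 | MEDIUM | |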
GHSA
TeamPass External Control of File Name or Path vulnerability
ghsa·2023-02-27
CVE-2023-1070 [HIGH] CWE-73 TeamPass External Control of File Name or Path vulnerability
OSV
TeamPass External Control of File Name or Path vulnerability
osv·2023-02-27
CVE-2023-1070 [HIGH] TeamPass External Control of File Name or Path vulnerability
No detection rules found.
No public exploits indexed.
https://github.com/nilsteampassnet/teampass/commit/0af3574caba27a61b16dc25c94fa51ae12d2d967
https://huntr.dev/bounties/318bfdc4-7782-4979-956f-9ba2cc44889c
Published: 2023-02-27