CVE-2023-2859
Published 2023-05-24
CVE-2023-2859: Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Priority: P3 47, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.65% (73.6th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nilsteampassnet | nilsteampassnet_teampass | >= unspecified < 3.0.9 | 3.0.9 |
| nilsteampassnet | teampass | >= 0 < 3.0.9 | 3.0.9 |
| teampass | teampass | < 3.0.9 | 3.0.9 |
CVSS provenance
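| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N |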
OSV
Code injection in nilsteampassnet/teampass
osv·2023-05-24
CVE-2023-2859 [HIGH] Code injection in nilsteampassnet/teampass
nilsteampassnet/teampass prior to 3.0.9 is vulnerable to code injection. A malicious user could rename a folder with a payload containing malicious code. This could result in an attack on an admin who edits the folder, as the payload could execute upon the admin's interaction with the folder. The attack could allow the attacker to gain unauthorized access to the admin's system or steal sensitive information, or it could force the admin to be redirected to a website controlled by the attacker.
GHSA
Code injection in nilsteampassnet/teampass
ghsa·2023-05-24
CVE-2023-2859 [HIGH] CWE-94 Code injection in nilsteampassnet/teampass
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/nilsteampassnet/teampass/commit/1f51482a0c4d152ca876844212b0f8f3cb9387af
https://huntr.dev/bounties/d7b8ea75-c74a-4721-89bb-12e5c80fb0ba
Published: 2023-05-24