CVE-2019-1000001

{"id": "CVE-2019-1000001", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-02-04T21:29:00.643", "references": [{"url": "https://github.com/nilsteampassnet/TeamPass/issues/2495", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/nilsteampassnet/TeamPass/issues/2495", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage."}, {"lang": "es", "value": "TeamPass, en versiones 2.1.27 y anteriores, contiene una vulnerabilidad de almacenamiento de contrase\u00f1as en formato recuperable en los almacenes de contrase\u00f1as compartidos que puede resultar en que todas las contrase\u00f1as se pueden recuperar del lado del servidor. Este ataque parece ser explotable mediante una vulnerabilidad que puede omitir la autenticaci\u00f3n o la asignaci\u00f3n de roles y puede conducir al filtrado de las contrase\u00f1as compartidas."}], "lastModified": "2024-11-21T04:17:38.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0D717DD-5451-4388-AEA7-44FAE59A8510", "versionEndIncluding": "2.1.27.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}