CVE-2014-3771 - Vulnerability Details - OpenCVE

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Teampass	Teampass

Configuration 1 [-]

OR	cpe:2.3:a:teampass:teampass::beta::::::*
	cpe:2.3:a:teampass:teampass:2.1:::::::*
	cpe:2.3:a:teampass:teampass:2.1.1:::::::*
	cpe:2.3:a:teampass:teampass:2.1.2:::::::*
	cpe:2.3:a:teampass:teampass:2.1.3:::::::*
	cpe:2.3:a:teampass:teampass:2.1.4:::::::*
	cpe:2.3:a:teampass:teampass:2.1.5:::::::*
	cpe:2.3:a:teampass:teampass:2.1.10:::::::*
	cpe:2.3:a:teampass:teampass:2.1.13:::::::*
	cpe:2.3:a:teampass:teampass:2.1.14:::::::*
	cpe:2.3:a:teampass:teampass:2.1.15:::::::*
	cpe:2.3:a:teampass:teampass:2.1.18:::::::*
	cpe:2.3:a:teampass:teampass:2.1.19:::::::*

No data.

References

Link	Providers
http://teampass.net/installation/2.1.20-released.html
http://www.openwall.com/lists/oss-security/2014/05/18/2
http://www.openwall.com/lists/oss-security/2014/05/19/5
https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-08-07T10:00:00

Updated: 2024-08-06T10:57:17.242Z

Reserved: 2014-05-19T00:00:00

Link: CVE-2014-3771

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-08-07T11:13:35.077

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-3771

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) \"change_user_language\" request to sources/main.queries.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-08-07T07:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://teampass.net/installation/2.1.20-released.html"}, {"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3771", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) \"change_user_language\" request to sources/main.queries.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"name": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f", "refsource": "CONFIRM", "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}, {"name": "http://teampass.net/installation/2.1.20-released.html", "refsource": "CONFIRM", "url": "http://teampass.net/installation/2.1.20-released.html"}, {"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:57:17.242Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://teampass.net/installation/2.1.20-released.html"}, {"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3771", "datePublished": "2014-08-07T10:00:00", "dateReserved": "2014-05-19T00:00:00", "dateUpdated": "2024-08-06T10:57:17.242Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teampass:teampass:*:beta:*:*:*:*:*:*", "matchCriteriaId": "AB9063A6-CDBF-4EC9-8C4E-86EC28126C8C", "versionEndIncluding": "2.1.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EE854BB-0E8A-4A94-8C33-6698E9663FA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A54D3A49-EEED-4D7C-B780-AC16ECFEA3F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B06F757-3681-466C-BE9C-F8A888FC91C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9446D190-B201-4364-8E36-B30FE806F3D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "53F6B7D0-58A6-47CC-BB51-F3C1182573C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F94F0FE3-E49E-4A33-9B0F-BC16910CE00F", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "50C89CB6-D623-4F25-BAE4-5E76734E493F", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "F3156DDA-8A35-416A-B606-34DA03B14785", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C911F27E-8348-45BA-ACAA-481CBD02B674", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D025854-0464-40DB-A483-CD98105707E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "414A8AC9-E61B-41B8-8AE8-7BA33DC0C906", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "62B586C3-E267-4257-9836-D13942C6F55F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) \"change_user_language\" request to sources/main.queries.php."}, {"lang": "es", "value": "TeamPass anterior a 2.1.20 permite a atacantes remotos evadir las restricciones de acceso a trav\u00e9s de la ruta del fichero de idiomas en (1) una solicitud en index.php o (2) una solicitud 'change_user_language' en sources/main.queries.php."}], "id": "CVE-2014-3771", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-07T11:13:35.077", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://teampass.net/installation/2.1.20-released.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://teampass.net/installation/2.1.20-released.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}