Peppermint

peppermint

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-46864 1Peppermint 1Peppermint Nov 21, 2024 Oct 30, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.
CVE-2023-46863 1Peppermint 1Peppermint Nov 21, 2024 Oct 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
CVE-2023-42328 1Peppermint 1Peppermint Nov 21, 2024 Sep 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
CVE-2023-26984 1Peppermint 1Peppermint Feb 18, 2025 Mar 29, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.