Miggo Logo
Miggo Vulnerability Database
CVE-2023-2591

CVE-2023-2591: teampass vulnerable to code injection

7.1

CVSS Score
3.0

Basic Information

CVE ID
CVE-2023-2591
GHSA ID
GHSA-prj5-2g2p-x2mw
EPSS Score
0.51253%
CWE
CWE-79
Published
5/9/2023
Updated
11/11/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
nilsteampassnet/teampasscomposer< 3.0.73.0.7

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The key vulnerability stemmed from improper input sanitization in the label field handling. The commit diff shows the label field's DOMPurify.sanitize() call was initially missing strict HTML profile restrictions (html:true was implicitly allowed). This allowed attackers to inject malicious HTML/scripts. The patch explicitly disables HTML parsing in DOMPurify's configuration, confirming the original function's parameters were the root cause. The function's presence in the data processing flow for item labels directly matches the vulnerability's attack vector described in CWE-79 and CWE-94.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In nilst**mp*ssn*t/t**mp*ss prior to *.*.*, i* two us*rs **v* t** s*m* *ol**r ****ss, m*li*ious us*rs **n *r**t* *n it*m w**r* its l***l *i*l* is vuln*r**l* to *TML inj**tion. W**n ot**r us*rs s** t**t it*m, it m*y *or** t**m to r**ir**t to t** *tt**

Reasoning

T** k*y vuln*r**ility st*mm** *rom improp*r input s*nitiz*tion in t** l***l *i*l* **n*lin*. T** *ommit *i** s*ows t** l***l *i*l*'s `*OMPuri*y.s*nitiz*()` **ll w*s initi*lly missin* stri*t *TML pro*il* r*stri*tions (*tml:tru* w*s impli*itly *llow**).