Exploitation Summary
CVE-2020-12478 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
Nuclei Templates (1)
TeamPass 2.1.27.36 - Improper Authentication
HIGH | VERIFIED | by arafatansari
Shodan: http.html:"teampass"
FOFA: body="teampass"
References (1)
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/nilsteampassnet/TeamPass/issues/2764
Scores
CVSS v3: 7.5
EPSS: 0.0722
EPSS Percentile: 93.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-306
Status: published
Products (2)
nilsteampassnet/teampass
Packagist
teampass/teampass
2.1.27.36
Published: Apr 29, 2020
Tracked Since: Feb 18, 2026