Peppermint-Lab/peppermint

Peppermint-Lab/peppermint

Releases35

Frequency1 month 1 week

Last Release over 1 year ago

Stars3.13K

An open source issue management & help desk solution. A zendesk & jira alternative

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-46863 ↗	Oct 30, 2023Monday, 30 October 2023, 00:15	7.5 HIGH	—
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
CVE-2023-46864 ↗	Oct 30, 2023Monday, 30 October 2023, 00:15	5.3 MEDIUM	—
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.
CVE-2023-42328 ↗	Sep 18, 2023Monday, 18 September 2023, 16:15	8.8 HIGH	—
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
CVE-2023-26984 ↗	Mar 29, 2023Wednesday, 29 March 2023, 18:15	8.1 HIGH	—
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.