Peppermint Lab
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42328 | Hig | 0.57 | 8.8 | 0.01 | Sep 18, 2023 | An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. | ||
| CVE-2023-26984 | Hig | 0.53 | 8.1 | 0.01 | Mar 29, 2023 | An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request. | ||
| CVE-2024-31525 | Hig | 0.47 | 7.2 | 0.00 | Mar 5, 2025 | Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client… | ||
| CVE-2023-46864 | Med | 0.35 | 5.3 | 0.01 | Oct 30, 2023 | Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request. |
- risk 0.57cvss 8.8epss 0.01
An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.
- risk 0.53cvss 8.1epss 0.01
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.
- risk 0.47cvss 7.2epss 0.00
Peppermint Ticket Management 0.4.6 is vulnerable to Incorrect Access Control. A regular registered user is able to elevate his privileges to admin and gain complete access to the system as the authorization mechanism is not validated on the server side and only on the client…
- risk 0.35cvss 5.3epss 0.01
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.