Description
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints, translation data was returned even when the API key was missing the translation.view scope. However, it was impossible to fetch the data when the user was missing this scope, so this is only relevant for API keys generated by users who are permitted translation.view. This vulnerability is fixed in v3.57.2.
References
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 3.57.2 (exclusive)
cpe:2.3:a:tolgee:tolgee:*:*:*:*:*:*:*:*
EPSS
Percentile: 38%
0.00167
Low
2.7 Low
CVSS3
4.3 Medium
CVSS3
Weaknesses
CWE-862