exploitDog

CVE-2026-21694

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 6.8

CVSS3: 8.1

EPSS Низкий

Описание

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Ссылки

https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938
Patch
https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c
Exploit
Vendor Advisory
https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kromit:titra:*:*:*:*:*:*:*:*

Версия до 0.99.50 (исключая)

EPSS

Процентиль: 9%

0.00033

Низкий

6.8 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

EPSS

Процентиль: 9%

0.00033

Низкий

6.8 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo