4.3

CVE-2024-50701

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TeampassTeampass Version < 3.1.3.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.237
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@mitre.org 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d
Patch
https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1
Product
https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1
Product