PT-2024-24593 · Tolgee · Tolgee

Jan Cizmar · Published 2024-04-18 · Updated 2024-04-18 · CVE-2024-32466

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Tolgee versions prior to 3.57.2

Description: Tolgee is an open-source localization platform. The issue concerns the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints, where translation data was returned even when the API key lacked the translation.view scope. The data could still not be fetched when the user who generated the key lacked this scope, so the issue is only relevant for API keys generated by users permitted to translation.view.

Recommendations: For versions prior to 3.57.2, update to version 3.57.2 to resolve the issue. As a temporary workaround, consider restricting access to the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints for API keys without the translation.view scope.
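The following is an added illustration of the authorization defect described above, not Tolgee's own code: an API key should grant no more than the intersection of its owner's permissions and the scopes it was issued with, whereas the vulnerable check consulted only the owner's permissions. The endpoint paths and the translation.view scope come from the advisory; the class names, function names and the extra scope strings are assumptions made for this example.

```python
# Added example (not Tolgee's code): a minimal model of API-key scope
# enforcement, showing the pre-3.57.2 behaviour beside the corrected one.
from dataclasses import dataclass

# Endpoints named in the advisory and the scope each of them must demand.
REQUIRED_SCOPE = {
    "/v2/projects/translations": "translation.view",
    "/v2/projects/{projectId}/translations": "translation.view",
}


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset  # permissions the user holds on the project


@dataclass(frozen=True)
class ApiKey:
    owner: User
    scopes: frozenset       # scopes selected when the key was generated


def vulnerable_authorize(key: ApiKey, endpoint: str) -> bool:
    """Behaviour described in the advisory: only the owner's permissions are
    checked, so a key generated without translation.view still reads data."""
    return REQUIRED_SCOPE[endpoint] in key.owner.permissions


def fixed_authorize(key: ApiKey, endpoint: str) -> bool:
    """Corrected check: the scope must be held by the owner AND present on the
    key, i.e. the effective permission set is their intersection."""
    effective = key.owner.permissions & key.scopes
    return REQUIRED_SCOPE[endpoint] in effective


def demo() -> dict:
    """Constructed principals covering the cases the advisory distinguishes.
    'other.scope' is a placeholder scope name, not a real Tolgee scope."""
    viewer = User("alice", frozenset({"translation.view", "other.scope"}))
    outsider = User("bob", frozenset({"other.scope"}))
    narrow_key = ApiKey(viewer, frozenset({"other.scope"}))        # key lacks scope
    full_key = ApiKey(viewer, frozenset({"translation.view"}))
    outsider_key = ApiKey(outsider, frozenset({"translation.view"}))  # owner lacks it
    ep = "/v2/projects/translations"
    return {
        "narrow_key_vulnerable": vulnerable_authorize(narrow_key, ep),
        "narrow_key_fixed": fixed_authorize(narrow_key, ep),
        "full_key_fixed": fixed_authorize(full_key, ep),
        "outsider_key_vulnerable": vulnerable_authorize(outsider_key, ep),
        "outsider_key_fixed": fixed_authorize(outsider_key, ep),
    }
```

The same intersection rule is what the workaround in the recommendations enforces at the edge: requests carrying a key without translation.view are refused before they reach the translation endpoints.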

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2024-32466
GHSA-R95P-FQQV-FPPC

Affected Products

Tolgee