PT-2024-34393 · Teampass · Teampass

Published: 2024-12-30 · Updated: 2024-12-30 · CVE-2024-50702

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.1.3.1
Description: The software does not properly check whether a "mail me" (also known as "action mail") operation is performed on behalf of an administrator or manager. This lack of verification can lead to unauthorized actions.
Recommendations: Update to version 3.1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "mail me" operation to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Authorization
Incorrect Privilege Assignment

Related Identifiers

CVE-2024-50702
GHSA-7RM3-4W6J-8XX4

Affected Products

Teampass