PT-2024-34394 · Teampass · Teampass
Corentin-Soriano
·
Published
2024-12-30
·
Updated
2024-12-30
·
CVE-2024-50703
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
TeamPass versions prior to 3.1.3.1
Description:
The issue allows a user to act with the privileges of a different
user id. This is due to the software not properly preventing such actions.Recommendations:
For versions prior to 3.1.3.1, update to version 3.1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive operations that rely on
user id privileges until the update is applied.Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Teampass