CVE-2024-50701: TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's...

4.3 CVSS

Description

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.

Classification

CVE ID: CVE-2024-50701

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

Affected Products

Vendor: TeamPass

Product: TeamPass

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1
https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1
https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d

Timeline

2024-12-31 00:30:19 UTC
CVE

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's...