CVE-2024-50701

MEDIUM

Teampass < 3.1.3.1 - Incorrect Privilege Assignment

Title source: rule

Description

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.

References (3)

Core 3

Core References

Patch

https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d

View Patch ZIP pw:eip

Product

https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1

Product

https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1

Scores

CVSS v3 4.3

EPSS 0.0009

EPSS Percentile 26.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-266

Status published

Products (2)

nilsteampassnet/teampass 0 - 3.1.3.1Packagist

teampass/teampass < 3.1.3.1

Published Dec 30, 2024

Tracked Since Feb 18, 2026