๐Ÿ” CVE Alert

CVE-2024-50702

MEDIUM 5.4
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.

CWE CWE-266
Vendor teampass
Product teampass
Published Dec 30, 2024
Last Updated Dec 30, 2024
Stay Ahead of the Next One

Get instant alerts for teampass teampass

Be the first to know when new medium vulnerabilities affecting teampass teampass are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

TeamPass / TeamPass
0 < 3.1.3.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1 github.com: https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1 github.com: https://github.com/nilsteampassnet/TeamPass/commit/35e2b479f2379545b4132bc30a9d052ba7018bf9