Improper Access Control in TeamPass Affecting User Privileges
CVE-2024-50702

5.4 MEDIUM

Key Information:

Vendor: Teampass

CVE Published: 30 December 2024

What is CVE-2024-50702?

TeamPass versions prior to 3.1.3.1 do not properly verify whether the mail_me operation is executed on behalf of an administrator or manager. This missing check can enable unauthorized users to perform administrative actions, compromising the integrity and confidentiality of sensitive data. Organizations using affected versions are advised to update to version 3.1.3.1 or later to mitigate this issue.

Affected Version(s)

TeamPass: all versions before 3.1.3.1

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published