CVE-2024-50701

Published: Dec 30, 2024Modified: Sep 29, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: MITRE (Secondary)

Description

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.

Affected (1)

Products: Teampass: Teampass

Teampass

1 product

Teampass

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Teampass Teampass	Before 3.1.3.1

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (3)

https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d

Source: cve@mitre.org

Patch

https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1

Source: cve@mitre.org

Product

https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1

Source: cve@mitre.org

Product

Timeline

No history available yet.