← Back

CVE-2024-50702

nvd nist
Published: Dec 30, 2024Modified: Sep 29, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.

Affected (1)

Products: Teampass: Teampass
Teampass
1 product
Teampass
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Teampass
Before 3.1.3.1

Related CWEs

CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (3)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Product
Source: cve@mitre.org
Product

Timeline

No history available yet.