CVE-2024-52297

Published: Nov 12, 2024Modified: Sep 11, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in v3.81.2.

Affected (1)

Products: Tolgee: Tolgee

Tolgee

1 product

Tolgee

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tolgee Tolgee	Version 3.81.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://github.com/tolgee/tolgee-platform/pull/2481/files#diff-d16735590f0f2db7cd782e2966fa18426b94b5e4030fa8b1f5e00cd55686fe7f

Source: security-advisories@github.com

Patch

https://github.com/tolgee/tolgee-platform/pull/2689/files

Source: security-advisories@github.com

Patch

https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-3wr3-889v-pgcj

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.