CVE-2024-32466

🗓️ 18 Apr 2024 15:02:43Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 89 Views🌐 WEB

Tolgee open-source platform sensitive data exposure vulnerability fixed in v3.57.

Reporter	Title	Published	Views	Family All 8
CNNVD	Tolgee 安全漏洞	18 Apr 202400:00	–	cnnvd
Cvelist	CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data	18 Apr 202415:02	–	cvelist
EUVD	EUVD-2024-30281	3 Oct 202520:07	–	euvd
NVD	CVE-2024-32466	18 Apr 202415:15	–	nvd
OSV	CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data	18 Apr 202415:02	–	osv
Positive Technologies	PT-2024-24593 · Tolgee · Tolgee	18 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-32466	23 May 202510:17	–	redhatcve
Vulnrichment	CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data	18 Apr 202415:02	–	vulnrichment

NVD

Vulners

Node

tolgee tolgeeRange<3.57.2

[
  {
    "vendor": "tolgee",
    "product": "tolgee-platform",
    "versions": [
      {
        "version": "< 3.57.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/tolgee/tolgee-platform/commit/f71213925d6f80019f841db0ead9baa7488c1821
github	www.github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc

Parameter	Position	Path	Description	CWE
Authorization	header	/v2/projects/translations	Endpoint returns translation data without requiring translation.view scope for API keys.	CWE-862
Authorization	path	/v2/projects/{projectId}/translations	Endpoint returns translation data without requiring translation.view scope for API keys when accessed with a specific projectId.	CWE-862
projectId	path	/v2/projects/{projectId}/translations	Endpoint returns translation data without requiring translation.view scope for API keys when accessed with a specific projectId.	CWE-862

11 Sep 2025 21:31Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.12.7 - 4.3

EPSS0.00167

SSVC

CWE-862