CVE-2024-32470

2024-04-1815:15:30

Google

osv.dev

tolgee

open-source

platform

api key

bypass

permission check

v3.57.2

v3.57.4

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.1%

JSON

Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4.

CPENameOperatorVersion
tolgee-platformeq2.2.1
tolgee-platformeq2.44.0
tolgee-platformeq3.33.0
tolgee-platformeq3.28.3
tolgee-platformeq1.0.0-alpha.110
tolgee-platformeq2.33.0
tolgee-platformeq2.1.2
tolgee-platformeq1.0.0-alpha.80
tolgee-platformeq2.12.4
tolgee-platformeq2.27.2

Name	Operator	Version
tolgee-platform	eq	2.2.1
tolgee-platform	eq	2.44.0
tolgee-platform	eq	3.33.0
tolgee-platform	eq	3.28.3
tolgee-platform	eq	1.0.0-alpha.110
tolgee-platform	eq	2.33.0
tolgee-platform	eq	2.1.2
tolgee-platform	eq	1.0.0-alpha.80
tolgee-platform	eq	2.12.4
tolgee-platform	eq	2.27.2

Rows per page:

1-10 of 5281

References

github.com/tolgee/tolgee-platform/commit/a0d861028d931f8a54387770eaf3a75031b81234

github.com/tolgee/tolgee-platform/security/advisories/GHSA-pm57-hcm8-38gw

github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc