Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:56 a.m.11 views

CVE-2024-29200

Kimai is a web-based multi-user time-tracking application. The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet...

6.8CVSS6.6AI score0.00644EPSS
Exploits1References1
NVD
NVD
added 2024/03/28 2:15 p.m.29 views

CVE-2024-29200

Kimai is a web-based multi-user time-tracking application. The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet...

6.8CVSS6.4AI score0.00644EPSS
Exploits1References1
CVE
CVE
added 2024/03/28 1:28 p.m.88 views

CVE-2024-29200

Kimai API flaw CVE-2024-29200 exposes timesheet entries to users who should be restricted. The issue stems from inconsistent handling of the view_other_timesheet permission between the UI and API, where the UI restricts data to a user’s teams but the API returns all timesheets when querying /api/...

6.8CVSS6.4AI score0.00644EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/03/28 1:28 p.m.31 views

CVE-2024-29200 API returns timesheet entries a user should not be authorized to view

Kimai is a web-based multi-user time-tracking application. The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet...

6.8CVSS6.6AI score0.00644EPSS
Exploits1References1
Rows per page
Query Builder