10 matches found
CVE-2024-32470
Tolgee is an open-source localization platform. When an API key created by an admin user is used, it bypasses the permission check entirely. This error was introduced in v3.57.2 and immediately fixed in v3.57.4...
CVE-2024-32466
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints, translation data was returned even when the API key was missing the translation.view scope. However, it was impossible to fetch the data when the user was missing this scope. S...
CVE-2024-32470 Tolgee's API keys created by server admin users bypass the permission check
Tolgee is an open-source localization platform. When an API key created by an admin user is used, it bypasses the permission check entirely. This error was introduced in v3.57.2 and immediately fixed in v3.57.4...
CVE-2024-32470
Tolgee (open-source localization platform) contains a vulnerability in versions 3.57.2 through 3.57.3 where an API key created by a server/admin user can bypass permission checks. The issue enables elevated access without proper authorization, as admin-created API keys bypass the normal authoriza...
CVE-2024-32466 Tolgee's API key scopes not checked when querying translation data
Tolgee is an open-source localization platform. For the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints, translation data was returned even when the API key was missing the translation.view scope. However, it was impossible to fetch the data when the user was missing this scope. S...
CVE-2024-32466
CVE-2024-32466 affects the Tolgee localization platform. The vulnerability concerns the /v2/projects/translations and /v2/projects/{projectId}/translations endpoints, where translation data could be returned when the API key lacked the translation.view scope, potentially exposing data to...