CVE-2024-32466

CVSS 3.1 Score 2.7 of 10 (low)

Details

Published Apr 18, 2024

CWE ID 862

Summary

CVE-2024-32466 affects the Tolgee localization platform, which is open-source. This vulnerability pertains to the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, where translation data was returned even without a valid API key containing the `translation.view` scope. However, regular users lacking this scope could not access the data. This issue only posed a risk for API keys issued to authorized users with the `translation.view` permission. The vulnerability has been mitigated in version 3.57.2.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vWwq8g
https://www.cve.org/CVERecord?id=CVE-2024-32466
https://nvd.nist.gov/vuln/detail/CVE-2024-32466

Back to Vulnerability Database

CVE-2024-32466

CVSS 3.1 Score 2.7 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations