Home > Vulnerability Database > CVE-2024-32466

Mend.io Vulnerability Database

CVE-2024-32466

Date: April 18, 2024

Tolgee is an open-source localization platform. For the "/v2/projects/translations" and "/v2/projects/{projectId}/translations" endpoints, translation data was returned even when API key was missing "translation.view" scope. However, it was impossible to fetch the data when user was missing this scope. So this is only relevant for API keys generated by users permitted to "translation.view". This vulnerability is fixed in v3.57.2

Language: KOTLIN

Severity Score

2.7

Related Resources (4)

Url: https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc

Url: https://github.com/tolgee/tolgee-platform/commit/f71213925d6f80019f841db0ead9baa7488c1821

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-32466

Url: https://www.mend.io/vulnerability-database/CVE-2024-32466

Severity Score

2.7

Weakness Type (CWE)

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	2.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-32466

Date: April 18, 2024

Language: KOTLIN

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?