Home > Vulnerability Database > CVE-2024-32470

Mend.io Vulnerability Database

CVE-2024-32470

Date: April 18, 2024

Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4.

Language: KOTLIN

Severity Score

6.5

Related Resources (5)

Url: https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-r95p-fqqv-fppc

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-32470

Url: https://github.com/tolgee/tolgee-platform/commit/a0d861028d931f8a54387770eaf3a75031b81234

Url: https://github.com/tolgee/tolgee-platform/security/advisories/GHSA-pm57-hcm8-38gw

Url: https://www.mend.io/vulnerability-database/CVE-2024-32470

Severity Score

6.5

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-32470

Date: April 18, 2024

Language: KOTLIN

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?