CVE-2024-50701 - Vulnerability Details

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00074.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Teampass	Teampass

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Teampass	Teampass

References

Link	Providers
https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d
https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1
https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1

History

Mon, 30 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 30 Dec 2024 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-266
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

Mon, 30 Dec 2024 15:15:00 +0000

Type	Values Removed	Values Added
Description		TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin.
References		https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d https://github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1 https://github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-12-30T00:00:00

Updated: 2024-12-30T16:58:19.828Z

Reserved: 2024-10-28T00:00:00

Link: CVE-2024-50701

Vulnrichment

Updated: 2024-12-30T16:58:16.053Z

NVD

Status : Received

Published: 2024-12-30T15:15:10.430

Modified: 2024-12-30T16:15:11.387

Link: CVE-2024-50701

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T15:42:28Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object