CVE-2023-38510
Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
27/07/2023
Última modificación:
03/08/2023
Descripción
*** Pendiente de traducción *** Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's important to note that this vulnerability only affects projects that have inadvertently exposed their API keys on the internet. Projects that have kept their API keys secure are not impacted. This issue is fixed in version 3.23.1.
Impacto
Puntuación base 3.x
8.10
Gravedad 3.x
ALTA
Productos y versiones vulnerables
CPE | Desde | Hasta |
---|---|---|
cpe:2.3:a:tolgee:tolgee:*:*:*:*:*:*:*:* | 3.14.0 (incluyendo) | 3.23.1 (excluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página