CNNVD-202601-1362 Information

CNNVD ID

CNNVD-202601-1362

Related CVE

CVE-2026-21695

• CNNVD Published: 2026-01-08

Description (Chinese)

titra是kromit开源的一款时间跟踪项目。 titra 0.99.49及之前版本存在安全漏洞，该漏洞源于API存在批量分配漏洞，允许经过身份验证的用户通过customfields参数注入任意字段，绕过业务逻辑控制。

Description (English)

Titra is a time-tracking project for kromit open sources. There is a security loophole in the tita 0.99.49 and earlier versions, which stems from the bulk distribution gap in API, which allows the user with the authentication to inject any field through the Customfields parameters, bypassing business logic controls.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

kromit

Published

2026-01-08

Last Modified

2026-02-24

References

https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938 https://github.com/kromitgmbh/titra/security/advisories/GHSA-gc65-vr47-jppq

Patch

https://github.com/kromitgmbh/titra/releases