CVE-2024-50702 Information

Description

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.

Reference

https://github.com/nilsteampassnet/TeamPass/commit/35e2b479f2379545b4132bc30a9d052ba7018bf9 https://github.com/nilsteampassnet/TeamPass/compare/3.1.2…3.1.3.1 https://github.com/nilsteampassnet/TeamPass/compare/3.1.3…3.1.3.1