How severe is CVE-2024-29200?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-29200?

This is classified as CWE-1220, which is a common weakness in software security.

CVE-2024-29200 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting the `view_other_timesheet` permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0.

Related Vulnerabilities

CVE-2023-6725

MEDIUM

CVSS:6.6(Medium)

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker wi...

CWE-12202023

CVE-2022-1177

MEDIUM

CVSS:6.5(Medium)

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

CWE-12202022

CVE-2023-32259

MEDIUM

CVSS:6.5(Medium)

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control...

CWE-12202023

CVE-2023-43040

MEDIUM

CVSS:6.5(Medium)

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

CWE-12202023

CVE-2023-4456

MEDIUM

CVSS:6.5(Medium)

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as ...

CWE-12202023

CVE-2024-2035

MEDIUM

CVSS:6.5(Medium)

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify t...

CWE-12202024