Improper access control in Tolgee - CVE-2024-52297
Published: November 12, 2024 / Updated: June 2, 2026
Tolgee
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information and modify configuration-dependent behavior.
The vulnerability exists due to improper access control in the PublicConfigurationDTO when it exposes configuration data to users. A remote attacker can access the publicly exposed configuration DTO to disclose sensitive information and modify configuration-dependent behavior.