High severity · 8.1 · NVD Advisory · Published Jul 27, 2023 · Updated Jun 17, 2026
CVE-2023-38510
Description
Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's important to note that this vulnerability only affects projects that have inadvertently exposed their API keys on the internet. Projects that have kept their API keys secure are not impacted. This issue is fixed in version 3.23.1.
Affected products
- tolgee/tolgee-platform · v5 · Range: >= 3.14.0, < 3.23.1
References
- github.com/tolgee/tolgee-platform/commit/4776cba67e7bb8c1b0259376e3e5fa3bb46e45c7 (nvd: Patch)
- github.com/tolgee/tolgee-platform/pull/1818 (nvd: Patch)
- github.com/tolgee/tolgee-platform/security/advisories/GHSA-4f9j-4vh4-p85v (nvd: Vendor Advisory)
- github.com/tolgee/tolgee-platform/releases/tag/v3.23.1 (nvd: Release Notes)