Moderate severity · NVD Advisory · Published Dec 30, 2024 · Updated Dec 30, 2024
CVE-2024-50701
Description
TeamPass before 3.1.3.1 does not check, when computing a user's access rights for a folder, whether that folder is on the per-user allowed-folders list that an administrator has defined for the user. The fix (commit ddbb2d3) stores that list in the session at login (`user-allowed_folders_by_definition`) and consults it in the access-rights checks in sources/items.queries.php.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| nilsteampassnet/teampass (Packagist) | < 3.1.3.1 | 3.1.3.1 |
Affected products
Patches (1)
ddbb2d3d9408 — Fix issue related to user allowed folder by definition
5 files changed · +48 −33
includes/config/include.php+1 −1 modified@@ -28,7 +28,7 @@ define('TP_VERSION', '3.1.2'); define("UPGRADE_MIN_DATE", "1727110744"); -define('TP_VERSION_MINOR', '144'); +define('TP_VERSION_MINOR', '145'); define('TP_TOOL_NAME', 'Teampass'); define('TP_ONE_DAY_SECONDS', 86400); define('TP_ONE_WEEK_SECONDS', 604800);
includes/tables_integrity.json+15 −15 modified@@ -9,23 +9,23 @@ }, { "table_name": "background_subtasks", - "structure_hash": "54f2e975e46967ae42ae5402f68f6748db047a9b7c6cd4beffb2d18155a9acf3" + "structure_hash": "7b4eb36d263132dd07e87cb27bc8018dfaeb83a74ac4c155cf1d365c49dceb98" }, { "table_name": "background_tasks", - "structure_hash": "089fe901b3cf7c5a47654279604bca68f3772ae970eac1adfdb75881b072fe20" + "structure_hash": "e772b139800353e3f4e6fb4988b58358ece6100a6e955889e01c5760a18496dd" }, { "table_name": "background_tasks_logs", - "structure_hash": "5a0edc7835ab2ee6a3c2ab8ec665d0ea3c3c20915467548b0b504f72071eb57f" + "structure_hash": "a4391b91f150d47503717bf9510bec04987b186aa5674d3752acd896c1368ab8" }, { "table_name": "cache", - "structure_hash": "a42189363fa630ce50aa709ac271020e710dc46949eb102ef33fba59a9bb625a" + "structure_hash": "70ef1f32b6b6ad9a64f05f02f48098203bcbd1d25bbc3888b942435ca0a902ac" }, { "table_name": "cache_tree", - "structure_hash": "54a46ee10114cbd70f1199a88dd51c6a25d668919e709283bc915b3d0d6e85c8" + "structure_hash": "f69f988e3080f317ed64751f79e14f31fcaaf6518ee5f7bc661d21d28b83ea5b" }, { "table_name": "categories", @@ -57,15 +57,15 @@ }, { "table_name": "items", - "structure_hash": "5e157cc138f056349dca650057ca2ba8eea21fedc5b3f2a29cde43cd20378e10" + "structure_hash": "818e6bf8129bdd6954fbbf7bd700b664b0ef41083f4141a70f30569899858ad3" }, { "table_name": "items_change", "structure_hash": "1560c119b0aa9a2e983fbf56ad584da6fd8e35517fdbd9c1144e6144a35512dd" }, { "table_name": "items_edition", - "structure_hash": "6136a16c129449448ebfc7266ca42e86f020b3892e1c4aa869c2255176bd284e" + "structure_hash": "e47ac1d0a60dfc921f85bb618e0fa18cc80955f51da6c82ca90e9e7813a83981" }, { "table_name": "items_otp", 
@@ -97,19 +97,19 @@ }, { "table_name": "log_items", - "structure_hash": "d8bb457689d7e5e6343c0fa83c4d934323c4109f2eade8f3e365d6db031fd41f" + "structure_hash": "f29ee1e97b386ffe1ec9ad461f43592c86033c26d676df325dfab1638072807a" }, { "table_name": "log_system", - "structure_hash": "4b3ccbfe4abc5e9c60d84833483a9a7e2f29a3c8b29bb6d34b42df441430d0f4" + "structure_hash": "81d0d2379faa884c71ca8a31544c9136a47d322ddf547efea6e8871cdf626e04" }, { "table_name": "misc", - "structure_hash": "d3f4410ec4c37c578fb9486f889c7c714e6434d956d5d44c9049fb33d994bf0b" + "structure_hash": "f15d8b74690ff1b8518540d990c9c6650c7ca4dfef7fd5e10e84c0e80025b765" }, { "table_name": "nested_tree", - "structure_hash": "bd4056f24f5dc53535872c6b6821c03ab3191ea9ce0680c6050ae01fa2cd751d" + "structure_hash": "4ef87432650c25446c9c2b6c23c662b9876e48cf46c981cdc3f6a722a7a58cf4" }, { "table_name": "notification", @@ -145,7 +145,7 @@ }, { "table_name": "restriction_to_roles", - "structure_hash": "abb09363fe79997ed4e9d8563cb70da357cd9ba06322b91ede72554b883a2e52" + "structure_hash": "c4f0c0258dd10a4350b068d1ac298ee292a45b75f0fafb136a191dafece8f891" }, { "table_name": "rights", @@ -169,7 +169,7 @@ }, { "table_name": "sharekeys_items", - "structure_hash": "6b6d714ea462093c90d2ae16970cc7b3753c130611fca3830fa03c6a4dca44da" + "structure_hash": "b2ee750c2361cac5ca5cfc3d98de03ea080b69a3f90306ed56c929206dfa30ba" }, { "table_name": "sharekeys_logs", @@ -185,15 +185,15 @@ }, { "table_name": "tags", - "structure_hash": "827feb17a9599367ff539b5223ef2d696738aaa9a4029a3bb2dd2a2a75ccdcf9" + "structure_hash": "e0dd91554725bb2084ecd15154008bc34575bacf2b03d8cdb69960a46e8fe99d" }, { "table_name": "templates", "structure_hash": "c5e9a2f81ee9afd61aae7ec79ea28ceb1773c5c48fb847bf61c0bf546b287266" }, { "table_name": "tokens", - "structure_hash": "33d70cb41a8742d39628d926bc175f9eb23343c128998f7116c99ae7b0c542a9" + "structure_hash": "75fbcb4913406a504a7d4f7c4af941469840aaa26db1a9bf3689a05774787d6c" }, { "table_name": "user_requests",
pages/items.js.php+16 −13 modified@@ -3197,8 +3197,10 @@ function(data) { ); return false; } - if (debugJavascript === true) console.log('RETURNED DATA'); - if (debugJavascript === true) console.log(data); + if (debugJavascript === true) { + console.log('RETURNED DATA'); + console.log(data); + } if (data.error === true) { toastr.remove(); toastr.error( @@ -3259,7 +3261,7 @@ function(data) { // Close edit form and reopen folders-tree-card with refreshed item. $('.form-item, #form-item-attachments-zone').addClass('hidden'); $('#folders-tree-card').removeClass('hidden'); - item_id = store.get('teampassItem').id !== '' ? store.get('teampassItem').id : data.item_id; + item_id = store.get('teampassItem').id !== '' ? store.get('teampassItem').id : data.item_id; Details(item_id, 'show', true); } } @@ -4850,7 +4852,6 @@ function(teampassItem) { } ); - //$('#items-list-container'); if (actionType === 'show') { // Prepare Views $('.item-details-card, #item-details-card-categories').removeClass('hidden'); @@ -4878,7 +4879,7 @@ function(teampassItem) { $('#items-list-container').removeClass('col-md-7').addClass('hidden'); $('#items-details-container').removeClass('col-md-5').addClass('col-md-12'); } - + // Show item details $('#items-details-container').removeClass('hidden'); @@ -4984,7 +4985,6 @@ function(teampassItem) { if (debugJavascript === true) console.log('onChange:', contents, $editable); userDidAChange = true; if (debugJavascript === true) console.log('User did a change on #form-item-suggestion-description > ' + userDidAChange); - //$('#form-item-suggestion-description').attr('data-change-ongoing', true);; } } } 
@@ -5346,10 +5346,10 @@ function(teampassItem) { .attr('data-next-item-id', dataItemKey.next('.list-item-row').attr('data-item-id')) .removeClass('hidden'); } - */ if (debugJavascript === true) { - //console.log("PREV: " + dataItemKey.attr('data-item-key') + " - NEXT: " + $('#list-item-row_'+data.id).next('.list-item-row').attr('data-item-id')); + console.log("PREV: " + dataItemKey.attr('data-item-key') + " - NEXT: " + $('#list-item-row_'+data.id).next('.list-item-row').attr('data-item-id')); } + */ // Inform user toastr.remove(); @@ -5510,8 +5510,10 @@ function(data) { $.when( getPrivilegesOnItem(selectedFolderId, 1) ).then(function(retData) { - console.log('getPrivilegesOnItem 3') - console.log(retData) + if (debugJavascript === true) { + console.log('getPrivilegesOnItem 3'); + console.log(retData); + } if (retData.error === true) { toastr.remove(); toastr.error( @@ -5655,9 +5657,10 @@ function(data) { ); e.clearSelection(); }); - - console.log("-------------"); - console.log(data); + if (debugJavascript === true) { + console.log("-------------"); + console.log(data); + } // Prepare recursive call to get new OTP code var replayDelayInMilliseconds = data.otp_expires_in*1000;
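Review bot: The `console.log(data)` in the OTP hunk (right after `e.clearSelection()`) still dumps the entire server response to the browser console whenever `debugJavascript` is true, and the lines that follow read `data.otp_expires_in`, so that response appears to carry live OTP material; the same applies to `console.log(retData)` for the `getPrivilegesOnItem` result. Gating these behind the debug flag is better than the unconditional logging it replaces, but a password manager's debug mode should still not print secrets, since browser consoles are persisted and captured in support bundles. Log only non-sensitive fields, e.g. `console.log('OTP refresh scheduled in', data.otp_expires_in, 's');`, and leave a comment `// Never log the full OTP response: it contains the code itself`. The enclosing callbacks begin and end outside the hunk.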
sources/items.queries.php+15 −3 modified@@ -4055,6 +4055,13 @@ array_push($arrTmp, 0); } } + } else { + // Ensure to give access Right if allowed folder + if (in_array($inputData['id'], $session->get('user-accessible_folders')) === true) { + array_push($arrTmp, 50); + } else { + array_push($arrTmp, 0); + } } } // 3.0.0.0 - changed MIN to MAX @@ -4446,11 +4453,11 @@ // ----- END CASE 6 ----- } elseif ( (int) $record['perso'] !== 1 - && (int) $session->get('user-read_only') === 1 + && in_array($record['tree_id'], $session->get('user-allowed_folders_by_definition')) ) { - // Case 7 - Is user readonly? + // Case 7 - Is folder allowed by definition for this user? // Allow limited rights - $right = 10; + $right = 70; // --- // ----- END CASE 7 ----- } elseif ( @@ -7458,6 +7465,11 @@ function getCurrentAccessRights(int $userId, int $itemId, int $treeId): array if (in_array($treeId, $session->get('user-read_only_folders'))) { return getAccessResponse(false, true, false, false); } + + // Check if the folder is in the user's allowed folders list defined by admin + if (in_array($treeId, $session->get('user-allowed_folders_by_definition'))) { + return getAccessResponse(false, true, true, true); + } // Check if the folder is personal to the user foreach ($visibleFolders as $folder) {
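Review bot: The new check in `getCurrentAccessRights` calls `in_array($treeId, $session->get('user-allowed_folders_by_definition'))` with no guard for the key being absent and no strict comparison; the key is only written at login (identUser, same commit), so a session established before this upgrade hands `null` to `in_array`, which throws a TypeError on PHP 8 and turns every access-rights lookup into a fatal error until the user re-authenticates. I'd write `$allowedByDefinition = array_map('intval', (array) $session->get('user-allowed_folders_by_definition'));` followed by `if (in_array($treeId, $allowedByDefinition, true)) {`, and the same `?? []`/strict pattern belongs in the Case 7 hunk (`in_array($record['tree_id'], ...)`). Note also that Case 7 used to be the read-only-user branch (`$right = 10`) and now grants `70` for an allowed-by-definition folder without consulting `user-read_only`, whereas the `getCurrentAccessRights` hunk does test `user-read_only_folders` first; unless an earlier case in that chain (which starts outside the hunk) still catches read-only users, this can raise a read-only user's rights on such folders. A comment on the new branch saying which checks must precede it would make that ordering dependency explicit.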
sources/main.functions.php+1 −1 modified@@ -452,7 +452,6 @@ function identUser( array $SETTINGS, object $tree ) { - $session = SessionManager::getSession(); // Init $session->set('user-accessible_folders', []); @@ -476,6 +475,7 @@ function identUser( $noAccessFolders = convertToArray($noAccessFolders); $userRoles = convertToArray($userRoles); $allowedFolders = convertToArray($allowedFolders); + $session->set('user-allowed_folders_by_definition', $allowedFolders); // Get list of folders depending on Roles $arrays = identUserGetFoldersFromRoles(
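Review bot: The first hunk drops `$session = SessionManager::getSession();` from the top of identUser, but `$session->set('user-accessible_folders', [])` two lines below and the new `$session->set('user-allowed_folders_by_definition', $allowedFolders);` in the second hunk still use `$session`; the signature begins outside the hunk and the section's +1 −1 diffstat shows it was not changed, so unless `$session` is already a parameter or otherwise in scope above, login now fails on an undefined variable. If it is a parameter, a one-line comment such as `// $session is supplied by the caller; do not re-fetch it here` would stop the next reader from reinstating the line. Next to the new `set`, note that this key is populated only at authentication time (`// Set only at login: sessions created before this release lack this key until re-auth`), since the consumers added in items.queries.php rely on it being present.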
References
References (5)
- github.com/advisories/GHSA-2697-96mv-3gfm (GHSA; advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-50701 (GHSA; advisory)
- github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d (GHSA; web)
- github.com/nilsteampassnet/TeamPass/compare/3.1.2...3.1.3.1 (GHSA; web)
- github.com/nilsteampassnet/TeamPass/compare/3.1.3...3.1.3.1 (GHSA; web)