CVE-2024-29200
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-29200
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-29200.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-29200
- Aliases
- Published
- 2024-03-28T13:28:36.005Z
- Modified
- 2025-11-30T18:48:09.496878Z
- Severity
-
- 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- API returns timesheet entries a user should not be authorized to view
- Details
-
Kimai is a web-based multi-user time-tracking application. The permission
view_other_timesheetperforms differently for the Kimai UI and the API, thus returning unexpected data through the API. When setting theview_other_timesheetpermission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When requesting all timesheets from the API, however, all timesheet entries are returned, regardless of whether the user shares team permissions or not. This vulnerability is fixed in 2.13.0. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/29xxx/CVE-2024-29200.json", "cwe_ids": [ "CWE-1220" ], "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/kevinpapst/kimai2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/kevinpapst/kimai2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1
0.2
0.3
0.4
0.5
0.6
0.6.1
0.7
0.8
0.8.1
0.9
1.*
1.0
1.0.1
1.1
1.10
1.10.1
1.10.2
1.11
1.11.1
1.12
1.13
1.14
1.14.1
1.14.2
1.14.3
1.15
1.15.1
1.15.2
1.15.3
1.15.4
1.15.5
1.15.6
1.16
1.16.1
1.16.10
1.16.2
1.16.3
1.16.4
1.16.5
1.16.6
1.16.7
1.16.8
1.16.9
1.17
1.17.1
1.18
1.18.1
1.18.2
1.19
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.19.6
1.19.7
1.2
1.20
1.20.1
1.20.2
1.20.3
1.20.4
1.21.0
1.22.0
1.22.1
1.23.0
1.23.1
1.24.0
1.25.0
1.26.0
1.27.0
1.28.0
1.28.1
1.29.0
1.29.1
1.3
1.30.0
1.30.1
1.30.4
1.4
1.4.1
1.4.2
1.5
1.6
1.6.1
1.6.2
1.7
1.8
1.9
2.*
2.0.0
2.0.0-alpha
2.0.0-beta
2.0.0-beta-2
2.0.0-beta-3
2.0.0-rc-1
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.2
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.10.0
2.11.0
2.12.0
2.2.0
2.2.1
2.3.0
2.4.0
2.4.1
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0
Git / github.com/kimai/kimai
Affected versions
0.*
0.1
0.2
0.3
0.4
0.5
0.6
0.6.1
0.7
0.8
0.8.1
0.9
1.*
1.0
1.0.1
1.1
1.10
1.10.1
1.10.2
1.11
1.11.1
1.12
1.13
1.14
1.14.1
1.14.2
1.14.3
1.15
1.15.1
1.15.2
1.15.3
1.15.4
1.15.5
1.15.6
1.16
1.16.1
1.16.10
1.16.2
1.16.3
1.16.4
1.16.5
1.16.6
1.16.7
1.16.8
1.16.9
1.17
1.17.1
1.18
1.18.1
1.18.2
1.19
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.19.6
1.19.7
1.2
1.20
1.20.1
1.20.2
1.20.3
1.20.4
1.21.0
1.22.0
1.22.1
1.23.0
1.23.1
1.24.0
1.25.0
1.26.0
1.27.0
1.28.0
1.28.1
1.29.0
1.29.1
1.3
1.30.0
1.30.1
1.30.4
1.4
1.4.1
1.4.2
1.5
1.6
1.6.1
1.6.2
1.7
1.8
1.9
2.*
2.0.0
2.0.0-alpha
2.0.0-beta
2.0.0-beta-2
2.0.0-beta-3
2.0.0-rc-1
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.2
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.10.0
2.11.0
2.12.0
2.2.0
2.2.1
2.3.0
2.4.0
2.4.1
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0