Titra
Monthly
Titra time tracking software versions 0.99.49 and below contain a mass assignment vulnerability in their API that allows authenticated users to inject arbitrary fields into time entries through an unvalidated customfields parameter, enabling attackers to overwrite protected data such as user IDs, hours, and entry states. Public exploit code exists for this vulnerability which affects the integrity of tracked time data. The issue is resolved in version 0.99.50.
Unauthorized access control in Titra versions 0.99.49 and earlier enables authenticated users to view and modify time entries belonging to other users in private projects without proper authorization. Public exploit code exists for this vulnerability, affecting deployments that have not upgraded to version 0.99.50. The flaw allows authenticated attackers to compromise data integrity and confidentiality of other users' tracked time information.
Titra time tracking software versions 0.99.49 and below contain a mass assignment vulnerability in their API that allows authenticated users to inject arbitrary fields into time entries through an unvalidated customfields parameter, enabling attackers to overwrite protected data such as user IDs, hours, and entry states. Public exploit code exists for this vulnerability which affects the integrity of tracked time data. The issue is resolved in version 0.99.50.
Unauthorized access control in Titra versions 0.99.49 and earlier enables authenticated users to view and modify time entries belonging to other users in private projects without proper authorization. Public exploit code exists for this vulnerability, affecting deployments that have not upgraded to version 0.99.50. The flaw allows authenticated attackers to compromise data integrity and confidentiality of other users' tracked time information.