CVE-2024-50703: 
PHP vulnerability analysis and mitigation

TeamPass before version 3.1.3.1 contains a privilege escalation vulnerability identified as CVE-2024-50703. The vulnerability allows a user to act with the privileges of a different user_id, potentially leading to unauthorized access and privilege escalation. This security issue was discovered and disclosed on December 30, 2024 (NVD, MITRE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N. The issue is classified under CWE-472 (External Control of Assumed-Immutable Web Parameter), indicating a weakness in the application's parameter validation mechanisms (NVD).

The vulnerability allows authenticated users to potentially escalate their privileges by manipulating user_id parameters, enabling them to perform actions with permissions of other users in the system. This could lead to unauthorized access to sensitive information and potential manipulation of user-specific data (NVD).

Users should upgrade to TeamPass version 3.1.3.1 or later, which contains the fix for this vulnerability. The fix was implemented through changes in the user permissions handling mechanism (TeamPass Commit).