CVE-2026-42279
MEDIUM
5,8
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: high
User Interaction: none
Scope: changed
Confidentiality: none
Integrity: high
Availability: none
Description
AI Translation Available
solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entry UUID to be modified and rebound to objects in the caller's organization. This issue has been patched in version 0.12.1.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0002
Percentile
0,1th
Updated
Single Data Point
Only one EPSS measurement is available for this CVE. Trend analysis requires multiple data points over time.
639
Authorization Bypass Through User-Controlled Key
IncompleteCommon Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Application
Solidtime by Solidtime
CPE Identifier
View Detailed Analysis
cpe:2.3:a:solidtime:solidtime:0.12.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/solidtime-io/solidtime/security/advisories/GHSA-pmf9-pxq9-cc…
https://github.com/solidtime-io/solidtime/commit/b73aa543fdf5b61c37447307ab7277…
https://github.com/solidtime-io/solidtime/releases/tag/v0.12.1
https://github.com/solidtime-io/solidtime/security/advisories/GHSA-pmf9-pxq9-cc…