Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NKromit Titra
APPKromit< 0.99.50
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2025-69288CRITICAL9.1PL ✓ten sam produkt
RCE w Titra — nieoczyszczona wartość timeEntryRule wykonywana przez NodeVM
CVE-2022-2595CRITICAL10.0ten sam produkt
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.
CVE-2022-2098CRITICAL9.8ten sam produkt
Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.
CVE-2022-2027HIGH8.0ten sam produkt
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77....
CVE-2026-21695MEDIUM4.3ten sam produkt
Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignme...