[MEDIUM] Kimai API returns timesheet entries a user should not be authorized to view

PKSA-x5fv-txyx-qvzn CVE-2024-29200 GHSA-cj3c-5xpm-cx94

Affected version: <2.13.0

Reported by:
GitHub

[HIGH] Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

PKSA-7k8c-hhnj-9sqr CVE-2023-46245 GHSA-fjhg-96cp-6fcw

Affected version: <2.1.0

Reported by:
GitHub