Impact
For endpoints
- GET
/v2/projects/translations
- GET
/v2/projects/{projectId}/translations
Translation data were returned even when the API key was missing the translation.view scope.
However, it was impossible to fetch the data when the user was missing these scopes. So this is only relevant for API keys generated by users permitted to translation.view or keys.view.
Information about keys was returned even when keys.view scope was for API key or for the user entirely. However, to retrieve such data, the user needed to have at least some project permission.
Patches
Fixed in v3.57.2
Impact
For endpoints
/v2/projects/translations/v2/projects/{projectId}/translationsTranslation data were returned even when the API key was missing the
translation.viewscope.However, it was impossible to fetch the data when the user was missing these scopes. So this is only relevant for API keys generated by users permitted to
translation.vieworkeys.view.Information about keys was returned even when
keys.viewscope was for API key or for the user entirely. However, to retrieve such data, the user needed to have at least some project permission.Patches
Fixed in v3.57.2