Tuleap patches vulnerability in user permission validation
CVE-2024-23344

5.3 MEDIUM

Key Information:

Vendor: Enalean

Status
Vendor
CVE Published: 6 February 2024

What is CVE-2024-23344?

Tuleap, an open-source suite designed to enhance software development and collaboration, has a vulnerability associated with misconfigured user permissions. This flaw potentially allows unauthorized users to access restricted information through certain processes, such as mail notifications, which do not correctly validate permission levels among multiple users. The issue affects versions of Tuleap prior to 15.4.99.140 and is fixed in version 15.4.99.140.

Affected Version(s)

tuleap < 15.4.99.140

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
