Tuleap Fixes Security Vulnerability in Tracker Feature
CVE-2024-25130

6.5MEDIUM

Key Information:

Vendor

Enalean

Status
Tuleap
Vendor
CVE Published:
22 February 2024

What is CVE-2024-25130?

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.

Affected Version(s)

tuleap < 15.5.99.76 < 15.5.99.76

tuleap >= 15.5, < 15.5-4 < 15.5, 15.5-4

tuleap < 15.4-7 < 15.4-7

References

https://github.com/Enalean/tuleap/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/Enalean/tuleap/commit/57978a32508f5c6d...
x_refsource_MISC
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=com...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.