Tuleap Fixes Email Notification Issue in Latest Releases
CVE-2024-46988

5.7MEDIUM

Key Information:

Vendor: Enalean
Status: Tuleap
Vendor: CVE Published:; 14 October 2024

What is CVE-2024-46988?

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.

Affected Version(s)

tuleap < 15.13.99.40 < 15.13.99.40

tuleap < 15.13-3 < 15.13-3

tuleap < 15.12-6 < 15.12-6

References

https://github.com/Enalean/tuleap/security/advisories/GHS...

x_refsource_CONFIRM

https://tuleap.net/plugins/tracker/?aid=39686

x_refsource_MISC

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2024