Fixed issue with unauthorized access to tracker names
CVE-2024-47767

4.3MEDIUM

Key Information:

Vendor

Enalean

Status
Tuleap
Vendor
CVE Published:
14 October 2024

What is CVE-2024-47767?

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.

Affected Version(s)

tuleap < 15.13.99.113 < 15.13.99.113

tuleap < 15.13-5 < 15.13-5

tuleap < 15.12-8 < 15.12-8

References

https://github.com/Enalean/tuleap/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/Enalean/tuleap/commit/16d9efccb2fad8e1...
x_refsource_MISC
https://github.com/Enalean/tuleap/commit/e5ce81279766115d...
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.