Unauthorized Access Vulnerability in Tuleap Open Source Suite
CVE-2025-24029

5.3MEDIUM

Key Information:

Vendor
Enalean
Status
Tuleap
Vendor
CVE Published:
3 February 2025

Summary

Tuleap Open Source Suite has a vulnerability allowing unauthorized users, including potentially anonymous individuals on public project dashboards, to access sensitive artifacts. This issue has been resolved in Tuleap Community Edition 16.3.99.1737562605 and Tuleap Enterprise Editions 16.3-5 and 16.2-7. Users are strongly encouraged to upgrade to these versions to mitigate the risk of exposure. No workarounds are currently available.

Affected Version(s)

tuleap < 16.3.99.1737562605

References

https://github.com/Enalean/tuleap/security/advisories/GHS...
x_refsource_CONFIRM
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=com...
x_refsource_MISC
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=com...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.