Sensitive Data Exposure in Tuleap by Enalean
CVE-2025-27150

5.3 MEDIUM

Key Information:

Vendor

Enalean

Status
Vendor
CVE Published: 4 March 2025

What is CVE-2025-27150?

Tuleap, an open source suite for software development management and collaboration, contains a vulnerability that causes the Redis password to be stored in system data collection archives. These archives are often used by support teams, who should not have access to this sensitive information. The issue has been fixed in Tuleap Community Edition 16.4.99.1740492866 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

Affected Version(s)

tuleap < 16.4.99.1740492866

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
