Description

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.

Related CPE's

a

enalean

tuleap

3

References

https://github.com/Enalean/tuleap/commit/529d11b70796589767dd27a40ebadf3eaf8f5674

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-qfrh-fv84-93hx

ExploitPatchThird Party Advisory

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=529d11b70796589767dd27a40ebadf3eaf8f5674

Issue TrackingPatch

https://tuleap.net/plugins/tracker/?aid=39736

ExploitThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-280

[email protected]

Primary
CWE-755

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.9 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-10-14T16:15:04.387Z

1 year ago

Last modified

2024-10-17T11:48:40.240Z

1 year ago