Description

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.

Related CPE's

Could not find any relations

References

https://github.com/Enalean/tuleap/commit/529d11b70796589767dd27a40ebadf3eaf8f5674

https://github.com/Enalean/tuleap/security/advisories/GHSA-qfrh-fv84-93hx

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=529d11b70796589767dd27a40ebadf3eaf8f5674

https://tuleap.net/plugins/tracker/?aid=39736

Weaknesses

[email protected]

Primary
CWE-280

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.9 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2024-10-14T18:15:04.387

4 months ago

Last modified

2024-10-14T18:15:04.387

4 months ago