CVE-2024-23344 MEDIUM

CVE-2024-23344: Tuleap's content of artifacts might be readable by unauthorized users

Vendor Enalean

Product tuleap

Weakness CWE-200 · Info exposure

Published February 6, 2024

Last update May 9, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.

Key dates

02Disclosure timeline

February 6, 2024 CVE published

May 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-23344 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2024-23344: Tuleap's content of artifacts might be readable by unauthorized users

01Description

02Disclosure timeline

03References

04Related CVE