CVE-2024-25130 MEDIUM

CVE-2024-25130: Tuleap's mass update clears the permissions on artifact field

Vendor Enalean
Product tuleap
Weakness CWE-200 · Info exposure
Published February 22, 2024
Last update August 27, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

Tuleap is an open source suite to improve management of software development and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.

Key dates

02 Disclosure timeline

February 22, 2024 CVE published
August 27, 2024 Record updated