Description
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5
Patch x_refsource_misc
https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667
Broken Link x_refsource_misc
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667
Vendor Advisory x_refsource_misc
https://tuleap.net/plugins/tracker/?aid=36803
Scores
CVSS v3
5.4
EPSS
0.0019
EPSS Percentile
40.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (2)
enalean/tuleap
< 15.4-7
enalean/tuleap
< 15.5.99.76
Published
Feb 22, 2024
Tracked Since
Feb 18, 2026