CVE-2024-46988

MEDIUM

Enalean Tuleap < 15.12-6 - Improper Exception Handling

Title source: rule
STIX 2.1

Description

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.

References (2)

Scores

CVSS v3 4.8
EPSS 0.0029
EPSS Percentile 52.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-755 CWE-280
Status published
Products (2)
enalean/tuleap < 15.12-6
enalean/tuleap < 15.13.99.40
Published Oct 14, 2024
Tracked Since Feb 18, 2026