CVE-2024-47766

MEDIUM

Tuleap <15.13.99.110, <15.13-5, <15.12-5 - Info Disclosure

Title source: llm

Description

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.

References (4)

[Exploit, Patch, Third Party Advisory] https://github.com/Enalean/tuleap/security/advisories/GHSA-qfrh-fv84-93hx

[Patch] https://github.com/Enalean/tuleap/commit/529d11b70796589767dd27a40ebadf3eaf8f5674

View Patch ZIP pw:eip

[Issue Tracking, Patch] https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=529d11b70796589767dd27a40ebadf3eaf8f5674

[Exploit, Third Party Advisory] https://tuleap.net/plugins/tracker/?aid=39736

Scores

CVSS v3 4.9

EPSS 0.0016

EPSS Percentile 35.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-755 CWE-280

Status published

Products (2)

enalean/tuleap < 15.12-8

enalean/tuleap < 15.13.99.110

Published Oct 14, 2024

Tracked Since Feb 18, 2026