CVE-2025-22129

MEDIUM

Tuleap <16.3 - Info Disclosure

Title source: llm

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References (3)

[Patch, Third Party Advisory] https://github.com/Enalean/tuleap/security/advisories/GHSA-f34g-wc2m-mf76

[Permissions Required] https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=3edf8158ba40be66f0b661888b8b2805784795d1

[Exploit, Issue Tracking, Patch, Vendor Advisory] https://tuleap.net/plugins/tracker/?aid=41434

Scores

CVSS v3 4.3

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-280

Status published

Products (2)

enalean/tuleap < 16.2-5

enalean/tuleap < 16.3.99.1736242932

Published Feb 03, 2025

Tracked Since Feb 18, 2026