Description
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Enalean/tuleap/security/advisories/GHSA-v6vm-6rxf-7p2v
Patch x_refsource_misc
https://github.com/Enalean/tuleap/commit/403eb69f4cfafe52254c8f9bdbe66e1fedadc254
Patch, Broken Link x_refsource_misc
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=403eb69f4cfafe52254c8f9bdbe66e1fedadc254
Issue Tracking, Vendor Advisory x_refsource_misc
https://tuleap.net/plugins/tracker/?aid=45583
Scores
CVSS v3
6.5
EPSS
0.0005
EPSS Percentile
15.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-639
Status
published
Products (2)
enalean/tuleap
< 16.12-10
enalean/tuleap
< 17.0.99.1762431347
Published
Dec 08, 2025
Tracked Since
Feb 18, 2026