PT-2025-38408 · Unknown · Tuleap Community Edition+1

Lesuisse

Publicado

2025-09-18

Atualizado

2025-09-18

CVE-2025-59040

CVSS v3.1

4.3

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tuleap Community Edition versions prior to 16.11.99.1757427600 Tuleap Enterprise Edition versions prior to 16.11-6 Tuleap Enterprise Edition version 16.10-8

Description Backlog item representations do not verify the permissions of child trackers, potentially allowing users to view tracker names they should not have access to.

Recommendations Update Tuleap Community Edition to version 16.11.99.1757427600. Update Tuleap Enterprise Edition to version 16.11-6. Update Tuleap Enterprise Edition to version 16.10-8.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-280

Identificadores relacionados

CVE-2025-59040

GHSA-67XC-39V9-PFFG

Produtos afetados

Tuleap Community Edition

Tuleap Enterprise Edition

PT-2025-38408 · Unknown · Tuleap Community Edition+1

CVE-2025-59040

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8