PT-2025-9687 · Unknown+2 · Tuleap Enterprise Edition+2

Tgerbet +1 · Published 2025-03-04 · Updated 2025-08-22 · CVE-2025-27150

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Tuleap versions prior to 16.4.99.1740492866
Tuleap Enterprise Edition versions prior to 16.4-6 and 16.3-11

Description

The issue concerns the management of sensitive information, specifically the password for connecting to the Redis instance, which is not properly removed from system data archives generated by the tuleap collect-system-data command. These archives may be accessed by support teams, who should not have access to this password.

Recommendations

For Tuleap versions prior to 16.4.99.1740492866, update to version 16.4.99.1740492866 or later.
For Tuleap Enterprise Edition versions prior to 16.4-6, update to version 16.4-6 or later.
For Tuleap Enterprise Edition version 16.3, update to version 16.3-11 or later.


Related identifiers

CVE-2025-27150
GHSA-JC5R-684X-J46Q

Affected products

Redis
Tuleap
Tuleap Enterprise Edition