Tuleap · Tuleap · CVE-2022-24896
**Name of the Vulnerable Software and Affected Versions**
Tuleap versions prior to 13.7.99.239
**Description**
The issue arises from improper authorization verification when displaying the content of tracker report renderer and chart widgets. This allows malicious users to retrieve the name of a tracker they cannot access, as well as the names of fields used in reports.
**Recommendations**
For versions prior to 13.7.99.239, update to version 13.7.99.239 or later to resolve the issue. As a temporary workaround, consider restricting access to the tracker report renderer and chart widgets to minimize the risk of exploitation.