PT-2023-25395 · Tuleap · Tuleap

Tgerbet +1

Published: 2023-06-29 · Updated: 2023-07-10

CVE-2023-35938

CVSS v3.1: 4.1 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

Tuleap versions prior to 14.9.99.63
Description

The issue occurs when a project's visibility is switched from a setting that allows restricted users to Private without restricted: restricted users who are project administrators retain their access rights. These users can still access the project and perform some administration actions.
Recommendations

For versions prior to 14.9.99.63, upgrade to version 14.9.99.63 to resolve the issue. As a temporary workaround until the upgrade is applied, restrict access to project administration actions for restricted users who were project administrators before the visibility switch.
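The following is an added illustration of the permission-preservation flaw described above, not Tuleap's own code: a minimal model in which the vulnerable visibility switch purges restricted users from ordinary membership but leaves the administrator list untouched, beside the corrected switch and an audit helper matching the workaround. All names and data structures are assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical visibility levels (names are assumptions, not Tuleap's constants).
PRIVATE = "private"                              # restricted users allowed
PRIVATE_WITHOUT_RESTRICTED = "private-wo-restr"  # restricted users not allowed


@dataclass(frozen=True)
class User:
    name: str
    restricted: bool = False


@dataclass
class Project:
    visibility: str
    members: set = field(default_factory=set)
    admins: set = field(default_factory=set)


def allows_restricted(visibility: str) -> bool:
    return visibility != PRIVATE_WITHOUT_RESTRICTED


def can_access(project: Project, user: User) -> bool:
    # Access is decided purely from the membership lists (assumed), so any
    # entry left behind by a visibility switch keeps granting access.
    return user in project.members or user in project.admins


def set_visibility_vulnerable(project: Project, new: str) -> None:
    # Vulnerable behaviour: only ordinary members are purged; restricted
    # administrators are preserved and can still reach the project.
    project.visibility = new
    if not allows_restricted(new):
        project.members = {u for u in project.members if not u.restricted}


def set_visibility_fixed(project: Project, new: str) -> None:
    # Corrected behaviour: restricted users lose membership and admin role alike.
    project.visibility = new
    if not allows_restricted(new):
        project.members = {u for u in project.members if not u.restricted}
        project.admins = {u for u in project.admins if not u.restricted}


def stale_restricted_admins(projects) -> list:
    # Audit helper for the workaround: restricted admins still listed on
    # projects whose visibility no longer allows restricted users.
    return [(p, u) for p in projects if not allows_restricted(p.visibility)
            for u in sorted(p.admins, key=lambda u: u.name) if u.restricted]
```

Running the audit over existing projects after the switch lists the accounts whose administration rights should be revoked until the upgrade is applied.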


Weakness Enumeration

Improper Preservation of Permissions (CWE-281)

Related Identifiers

CVE-2023-35938
GHSA-RQ42-CV6Q-3M9Q

Affected Products

Tuleap