PT-2024-19823 · Unknown · Tuleap Community Edition

Nicolas Terray +1 · Published 2024-02-06 · Updated 2024-02-15 · CVE-2024-23344

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 15.4.99.140

Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users, such as during mail notifications.

Recommendations: For versions prior to 15.4.99.140, update to version 15.4.99.140 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and mail notifications until the update is applied.

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2024-23344
GHSA-M3V5-2J5Q-X85W

Affected Products

Tuleap Community Edition