PT-2024-32804 · Unknown · Tuleap Community Edition+1
Kevin Traini
+1
·
Published
2024-10-14
·
Updated
2024-10-17
·
CVE-2024-47766
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Tuleap Community Edition versions prior to 15.13.99.110
Tuleap Enterprise Edition versions prior to 15.13-5
Tuleap Enterprise Edition versions prior to 15.12-8
Description
Tuleap is a tool for end to end traceability of application and system developments. Administrators of a project can access the content of trackers with permissions restrictions of a project they are members of but not admin via the cross tracker search widget.
Recommendations
For Tuleap Community Edition versions prior to 15.13.99.110, update to version 15.13.99.110 or later.
For Tuleap Enterprise Edition versions prior to 15.13-5, update to version 15.13-5 or later.
For Tuleap Enterprise Edition versions prior to 15.12-8, update to version 15.12-8 or later.
Exploit
Fix
Improper Handling of Exceptional Conditions
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tuleap Community Edition
Tuleap Enterprise Edition