PT-2025-9687 · Unknown+2 · Tuleap Enterprise Edition+2
Tgerbet +1 · Published 2025-03-04 · Updated 2025-08-22 · CVE-2025-27150
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Tuleap versions prior to 16.4.99.1740492866
Tuleap Enterprise Edition versions prior to 16.4-6 and 16.3-11
Description
The issue concerns the management of sensitive information, specifically the password for connecting to the Redis instance, which is not properly removed from system data archives generated by the tuleap collect-system-data command. These archives may be accessed by support teams, who should not have access to this password.
Recommendations
For Tuleap versions prior to 16.4.99.1740492866, update to version 16.4.99.1740492866 or later.
For Tuleap Enterprise Edition versions prior to 16.4-6, update to version 16.4-6 or later.
For Tuleap Enterprise Edition version 16.3, update to version 16.3-11 or later.
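An added example (not part of the original advisory or of Tuleap's code): a check that scans an already-generated archive for the Redis password, raw or percent-encoded as it would appear in a connection URI. It assumes the archive is a tar or zip file and that the operator supplies the password; the sample file names, contents and password are constructed.

```python
import io
import tarfile
import zipfile
from urllib.parse import quote

def iter_members(data):
    """Return (name, bytes) for every regular file in a tar (any compression) or zip."""
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            return [(m.name, tf.extractfile(m).read()) for m in tf if m.isfile()]
    except tarfile.ReadError:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [(i.filename, zf.read(i)) for i in zf.infolist() if not i.is_dir()]

def find_secret(data, secret):
    """Names of members containing the secret, raw or percent-encoded (as in a URI)."""
    if not secret:
        raise ValueError("secret must not be empty")
    needles = {secret.encode(), quote(secret, safe="").encode()}
    return sorted(name for name, body in iter_members(data)
                  if any(n in body for n in needles))

# Constructed sample: file names, contents and password are invented for this example.
SAMPLE_SECRET = "S3cr3t/Example+Value"

def build_sample_archive():
    files = {
        "sample/os-release.txt": b"NAME=ExampleOS\n",
        "sample/app-config.txt": b"redis_password = S3cr3t/Example+Value\n",
        "sample/env-dump.txt": b"URL=redis://:S3cr3t%2FExample%2BValue@127.0.0.1:6379\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    for name in find_secret(build_sample_archive(), SAMPLE_SECRET):
        print("secret present in", name)
```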
Affected Products
Redis
Tuleap
Tuleap Enterprise Edition