Vulnerability Details CVE-2024-25130
Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.4%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667
- https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667
- https://tuleap.net/plugins/tracker/?aid=36803
- https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667
- https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667
- https://tuleap.net/plugins/tracker/?aid=36803
Products affected by CVE-2024-25130
-
cpe:2.3:a:enalean:tuleap:-
-
cpe:2.3:a:enalean:tuleap:11.15-1
-
cpe:2.3:a:enalean:tuleap:11.15-8
-
cpe:2.3:a:enalean:tuleap:11.16-1
-
cpe:2.3:a:enalean:tuleap:11.16-6
-
cpe:2.3:a:enalean:tuleap:11.16-7
-
cpe:2.3:a:enalean:tuleap:11.16.99.173
-
cpe:2.3:a:enalean:tuleap:11.17-1
-
cpe:2.3:a:enalean:tuleap:11.17-5
-
cpe:2.3:a:enalean:tuleap:11.17.99.144
-
cpe:2.3:a:enalean:tuleap:11.17.99.146
-
cpe:2.3:a:enalean:tuleap:12.10
-
cpe:2.3:a:enalean:tuleap:12.11-2
-
cpe:2.3:a:enalean:tuleap:12.9.99.228
-
cpe:2.3:a:enalean:tuleap:13.12-6
-
cpe:2.3:a:enalean:tuleap:13.6-5
-
cpe:2.3:a:enalean:tuleap:13.7-1
-
cpe:2.3:a:enalean:tuleap:13.7-4
-
cpe:2.3:a:enalean:tuleap:13.7.99.239
-
cpe:2.3:a:enalean:tuleap:13.8.99.49
-
cpe:2.3:a:enalean:tuleap:14.0
-
cpe:2.3:a:enalean:tuleap:14.0-3
-
cpe:2.3:a:enalean:tuleap:14.0.99.24
-
cpe:2.3:a:enalean:tuleap:14.10
-
cpe:2.3:a:enalean:tuleap:14.10-2
-
cpe:2.3:a:enalean:tuleap:14.10.99.4
-
cpe:2.3:a:enalean:tuleap:14.11.99.34
-
cpe:2.3:a:enalean:tuleap:14.12-1
-
cpe:2.3:a:enalean:tuleap:14.12-6
-
cpe:2.3:a:enalean:tuleap:14.4-7
-
cpe:2.3:a:enalean:tuleap:14.5
-
cpe:2.3:a:enalean:tuleap:14.5-2
-
cpe:2.3:a:enalean:tuleap:14.5.99.4
-
cpe:2.3:a:enalean:tuleap:14.7-7
-
cpe:2.3:a:enalean:tuleap:14.7.99.143
-
cpe:2.3:a:enalean:tuleap:14.7.99.76
-
cpe:2.3:a:enalean:tuleap:14.8
-
cpe:2.3:a:enalean:tuleap:14.8-3
-
cpe:2.3:a:enalean:tuleap:14.8.99.60
-
cpe:2.3:a:enalean:tuleap:14.9-5
-
cpe:2.3:a:enalean:tuleap:15.0-1
-
cpe:2.3:a:enalean:tuleap:15.0-9
-
cpe:2.3:a:enalean:tuleap:15.1-1
-
cpe:2.3:a:enalean:tuleap:15.1-8
-
cpe:2.3:a:enalean:tuleap:15.1-9
-
cpe:2.3:a:enalean:tuleap:15.2
-
cpe:2.3:a:enalean:tuleap:15.2-1
-
cpe:2.3:a:enalean:tuleap:15.2-4
-
cpe:2.3:a:enalean:tuleap:15.2-5
-
cpe:2.3:a:enalean:tuleap:15.2.99.103
-
cpe:2.3:a:enalean:tuleap:15.2.99.49
-
cpe:2.3:a:enalean:tuleap:15.3-1
-
cpe:2.3:a:enalean:tuleap:15.3-6
-
cpe:2.3:a:enalean:tuleap:15.3.5
-
cpe:2.3:a:enalean:tuleap:15.4-1
-
cpe:2.3:a:enalean:tuleap:15.4.99.140
-
cpe:2.3:a:enalean:tuleap:15.5
-
cpe:2.3:a:enalean:tuleap:15.5-1