6.5

CVE-2024-25130

EPSS 0.19%
Veröffentlicht 22.02.2024 19:15:08
Zuletzt bearbeitet 05.02.2025 21:55:35
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Enalean ≫ Tuleap SwEditionenterprise Version < 15.4-7

Enalean ≫ Tuleap SwEditioncommunity Version < 15.5.99.76

Enalean ≫ Tuleap SwEditionenterprise Version >= 15.5 < 15.5-4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.413

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	5.4	1.2	4.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5

Patch

Vendor Advisory

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667

Broken Link

https://tuleap.net/plugins/tracker/?aid=36803

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-25130

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25130

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25130

EUVD