7.6

CVE-2024-30246

Tuleap deleting or moving an artifact can delete values from unrelated artifacts

Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from the Date, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.
Data provided by the National Vulnerability Database (NVD)
Enalean Tuleap, SwEdition: community, Version: >= 14.11.99.34 < 15.7.99.6
Enalean Tuleap, SwEdition: enterprise, Version: >= 14.12-1 < 14.12-6
Enalean Tuleap, SwEdition: enterprise, Version: >= 15.0-1 < 15.0-9
Enalean Tuleap, SwEdition: enterprise, Version: >= 15.1-1 < 15.1-9
Enalean Tuleap, SwEdition: enterprise, Version: >= 15.2-1 < 15.2-5
Enalean Tuleap, SwEdition: enterprise, Version: >= 15.3-1 < 15.3-6
Enalean Tuleap, SwEdition: enterprise, Version: >= 15.4-1 < 15.4-8
Enalean Tuleap, SwEdition: enterprise, Version: >= 15.5-1 < 15.5-6
Enalean Tuleap, SwEdition: enterprise, Version: >= 15.6-1 < 15.6-5
Enalean Tuleap, Version: 15.7-1, SwEdition: enterprise
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.62% | 0.45
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.1 | 2.8 | 4.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
security-advisories@github.com | 7.6 | 2.8 | 4.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
CWE-440 Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

https://github.com/Enalean/tuleap/commit/a0ba0ae82a29eb8bfacef286778e5e49954f5316 (Patch)
https://github.com/Enalean/tuleap/security/advisories/GHSA-jc7g-4pcv-8jcj (Third Party Advisory)
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a0ba0ae82a29eb8bfacef286778e5e49954f5316 (Permissions Required)
https://tuleap.net/plugins/tracker/?aid=37545 (Third Party Advisory, Issue Tracking)