CVE-2024-37167

EPSS 0.35%
Veröffentlicht 25.06.2024 20:15:11
Zuletzt bearbeitet 22.08.2025 15:43:40
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tuleap has improper permissions of the backlog items

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Enalean ≫ Tuleap SwEditionenterprise Version < 15.8-5

Enalean ≫ Tuleap SwEditioncommunity Version < 15.9.99.97

Enalean ≫ Tuleap SwEditionenterprise Version >= 15.9 < 15.9-3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.27

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/Enalean/tuleap/commit/13eec93a353d2daf47bb8b9c548cc02f78b93a5e

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-4c9f-284j-phvj

Vendor Advisory

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=13eec93a353d2daf47bb8b9c548cc02f78b93a5e

Broken Link

https://tuleap.net/plugins/tracker/?aid=38297

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-37167

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-37167

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37167

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-37167