CVE-2024-47767

Exploit

EPSS 0.43%
Veröffentlicht 14.10.2024 18:15:04
Zuletzt bearbeitet 17.10.2024 13:50:45
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tuleap lists trackers in the quick add actions of the backlog without any permissions check

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 11

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Enalean ≫ Tuleap SwEditionenterprise Version < 15.12-8

Enalean ≫ Tuleap SwEditioncommunity Version < 15.13.99.113

Enalean ≫ Tuleap SwEditionenterprise Version >= 15.13-0 < 15.13-5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.343

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-280 Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://github.com/Enalean/tuleap/commit/16d9efccb2fad8e10343be2604e94c9058ef2c89

Patch

https://github.com/Enalean/tuleap/commit/e5ce81279766115dc0f126a11d6b5065b5db7eec

Patch

https://github.com/Enalean/tuleap/commit/f89d7093d2c576ad5e2b35a6a096fcdaf563d1df

Patch

https://github.com/Enalean/tuleap/security/advisories/GHSA-j342-v27q-329v

Patch

Third Party Advisory

Exploit

Issue Tracking

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=16d9efccb2fad8e10343be2604e94c9058ef2c89

Patch

Issue Tracking

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=e5ce81279766115dc0f126a11d6b5065b5db7eec

Patch

Issue Tracking

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=f89d7093d2c576ad5e2b35a6a096fcdaf563d1df

Patch

Issue Tracking

https://tuleap.net/plugins/tracker/?aid=39728

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-47767

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47767

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47767

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-47767