CVE-2025-24029

EPSS 0.16%
Veröffentlicht 03.02.2025 22:15:28
Zuletzt bearbeitet 22.08.2025 15:59:15
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Enalean ≫ Tuleap SwEditionenterprise Version < 16.2-7

Enalean ≫ Tuleap SwEditioncommunity Version < 16.3.99.1737562605

Enalean ≫ Tuleap SwEditionenterprise Version >= 16.3 < 16.3-5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.37

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-280 Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

https://github.com/Enalean/tuleap/security/advisories/GHSA-hq46-63pc-xfv9

Patch

Third Party Advisory

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=269cbaa73bac6d1c50674c48c9987263f2b38804

Permissions Required

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a97480f951351c0f8f2f3f27f7daa3f7f9c37c75

Permissions Required

https://tuleap.net/plugins/tracker/?aid=41476

Patch

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-24029