CVE-2025-52899

EPSS 0.05%
Veröffentlicht 29.07.2025 19:16:35
Zuletzt bearbeitet 22.08.2025 15:34:29
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Enalean ≫ Tuleap SwEditionenterprise Version < 16.8-4

Enalean ≫ Tuleap SwEditioncommunity Version < 16.9.99.1750843170

Enalean ≫ Tuleap SwEditionenterprise Version >= 16.9 < 16.9-2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.152

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2

Third Party Advisory

https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07

Patch

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07

Permissions Required

https://tuleap.net/plugins/tracker/?aid=43674

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-52899

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52899

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52899

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-52899