CVE-2024-23344

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
enaleantuleap
𝑥
< 15.3.5
enaleantuleap
15.2.99.49 ≤
𝑥
< 15.4.99.140
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42
https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42
https://tuleap.net/plugins/tracker/?aid=35862
https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42
https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42
https://tuleap.net/plugins/tracker/?aid=35862