CVE-2024-46988
14.10.2024, 18:15
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notification with information they should not have access to. Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.Enginsight
| Vendor | Product | Version |
|---|---|---|
| enalean | tuleap | 𝑥 < 15.12-6 |
| enalean | tuleap | 𝑥 < 15.13.99.40 |
| enalean | tuleap | 15.13-0 ≤ 𝑥 < 15.13-3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-280 - Improper Handling of Insufficient Permissions or PrivilegesThe application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
- CWE-755 - Improper Handling of Exceptional ConditionsThe software does not handle or incorrectly handles an exceptional condition.