CVE-2024-47767 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
GitHub_M	CNA	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Vendor	Product	Version
enalean	tuleap	𝑥 < 15.12-8
enalean	tuleap	𝑥 < 15.13.99.113
enalean	tuleap	15.13-0 ≤ 𝑥 < 15.13-5

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-280 - Improper Handling of Insufficient Permissions or Privileges
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
CWE-755 - Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.

References

https://github.com/Enalean/tuleap/commit/16d9efccb2fad8e10343be2604e94c9058ef2c89

https://github.com/Enalean/tuleap/commit/e5ce81279766115dc0f126a11d6b5065b5db7eec

https://github.com/Enalean/tuleap/commit/f89d7093d2c576ad5e2b35a6a096fcdaf563d1df

https://github.com/Enalean/tuleap/security/advisories/GHSA-j342-v27q-329v

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=16d9efccb2fad8e10343be2604e94c9058ef2c89

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=e5ce81279766115dc0f126a11d6b5065b5db7eec

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=f89d7093d2c576ad5e2b35a6a096fcdaf563d1df

https://tuleap.net/plugins/tracker/?aid=39728