CVE-2024-47767 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Affected Products (NVD)

Vendor	Product	Version
enalean	tuleap	𝑥 < 15.12-8
enalean	tuleap	𝑥 < 15.13.99.113
enalean	tuleap	15.13-0 ≤ 𝑥 < 15.13-5

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
enalean	tuleap	𝑥 < 15.13.99.113	ADP
enalean	tuleap_enterprise	𝑥 < 15.12-8	ADP
enalean	tuleap_enterprise	15.13 ≤ 𝑥 < 15.13-5	ADP

Known Exploits!

Common Weakness Enumeration

CWE-280 - Improper Handling of Insufficient Permissions or Privileges
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
CWE-755 - Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.

References

https://github.com/Enalean/tuleap/commit/16d9efccb2fad8e10343be2604e94c9058ef2c89

https://github.com/Enalean/tuleap/commit/e5ce81279766115dc0f126a11d6b5065b5db7eec

https://github.com/Enalean/tuleap/commit/f89d7093d2c576ad5e2b35a6a096fcdaf563d1df

https://github.com/Enalean/tuleap/security/advisories/GHSA-j342-v27q-329v

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=16d9efccb2fad8e10343be2604e94c9058ef2c89

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=e5ce81279766115dc0f126a11d6b5065b5db7eec

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=f89d7093d2c576ad5e2b35a6a096fcdaf563d1df

https://tuleap.net/plugins/tracker/?aid=39728