Unrated severityNVD Advisory· Published Jun 6, 2022· Updated Apr 23, 2025
Tracker report renderer and chart widgets leak information in Tuleap
CVE-2022-24896
Description
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/Enalean/tuleap/commit/8e99e7c82d9fe569799019b9e1d614d38a184313mitrex_refsource_MISC
- github.com/Enalean/tuleap/security/advisories/GHSA-x962-x43g-qw39mitrex_refsource_CONFIRM
- tuleap.net/plugins/git/tuleap/tuleap/stablemitrex_refsource_MISC
- tuleap.net/plugins/tracker/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.