Unrated severity · NVD Advisory · Published Oct 14, 2024 · Updated Oct 15, 2024
Permissions are incorrectly verified for project administrators in the cross tracker search widget
CVE-2024-47766
Description
Tuleap is a tool for end-to-end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can use the cross tracker search widget to access the content of permission-restricted trackers in projects of which they are members but not administrators. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue.
Affected products (1)
Patches (0)
No patches discovered yet.
References (4)
- github.com/Enalean/tuleap/commit/529d11b70796589767dd27a40ebadf3eaf8f5674 (mitre, x_refsource_MISC)
- github.com/Enalean/tuleap/security/advisories/GHSA-qfrh-fv84-93hx (mitre, x_refsource_CONFIRM)
- tuleap.net/plugins/git/tuleap/tuleap/stable (mitre, x_refsource_MISC)
- tuleap.net/plugins/tracker/ (mitre, x_refsource_MISC)