Unrated severityNVD Advisory· Published Feb 3, 2025· Updated Feb 4, 2025

Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap

CVE-2025-22129

Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

Enalean/Tuleapv5
Range: < 16.3.99.1736242932

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Enalean/tuleap/security/advisories/GHSA-f34g-wc2m-mf76mitrex_refsource_CONFIRM
tuleap.net/plugins/git/tuleap/tuleap/stablemitrex_refsource_MISC
tuleap.net/plugins/tracker/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000